Call For Parrots: CHACHA20-POLY1305 preferred parrots

[H1JK]

All parrots found in u_parrots.go are AES-GCM preferred. For the browser being parroted, this is fine because they have constant-time AES-GCM implementation that Go does not have. So using AES-GCM on 32-bit devices or devices w/o AES/GHASH acceleration might be bad for Go.

Introducing another constant-time AES implementation can also make sence, but I wonder if we can introduce some CHACHA20-POLY1305 preferred parrots to guarantee both speed and safety on those platforms? That would be great!

For example, I have found these 2 client on ssllabs.com that meet my expectation:
https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=12.1.1&platform=iOS%2012.3.1&key=166
https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=9.0&key=158

[gaukas]

I think it is a good idea in terms of enriching the available parrots. Could you please provide either a PR or tlsfingerprint.io links to example clienthello messages (e.g., the ones you mentioned). Much obliged!

[H1JK]

tlsfingerprint.io has limited search capabilities, and I couldn't do a fuzzy match (or don't know how) to the CHACHA20-POLY1305 preferred parrot, but I got the following two with the help of Google: (not the ssllabs parrots above)

https://tlsfingerprint.io/id/ddac9f85dfdf63e0

https://tlsfingerprint.io/id/e666bf5b327d4391

Do you have access to the tlsfingerprint.io database? Maybe you can search database directly to find a more suitable parrot. I'm tired of frequent errors occurred on tlsfingerprint.io :-( (it's still returning status code 500 now)

[gaukas]

Bummer... I will take care of the tlsfingerprint.io first i guess.

[DerekMarshall]

@gaukas would you want help with tlsfingerprint.io?

[gaukas]

We are currently working on renovating the tlsfingerprint.io by rewriting a lot of stuff. Once some preliminary work is done we could definitely use your help! I really appreciate it.

[H1JK]

I'm sorry to cause you trouble. Your work really helps a lot of us, thank you for your hard work!

[gaukas]

some indirectly relevant updates on this: today we finally migrated + upgraded tlsfingerprint.io (see https://github.com/refraction-networking/tls-fingerprint/pull/11 for code if interested), so I will be able to spend more time to work on this issue.

(It turns out that our server is still unstable, though, hopefully it will get fixed in the future.)

[gaukas]

Following up on this issue: it doesn't look like there is any popular (>1% of all the connections in a week) parrots preferring TLS_CHACHA20_POLY1305_SHA256 (searched by CipherSuites start with 0x1303 or 0x0a0a, 0x1303) being observed by tlsfingerprint.io. It would be really interesting to see if any popular TLS Client implementation, either a web browser or some other applications preferring this cipher.

[gaukas]

@H1JK, should it be possible, please refer me to any resource about this cipher suite, either a discussion thread about it, or any "popular" source advertising it.

I am really curious about it, since you brought this up while there seemed to be little to no well-known instance preferring this ciphersuite.

[H1JK]

At the bottom of https://tlsfingerprint.io/id/ddac9f85dfdf63e0 there is a UserAgent list and it lists some curl and safari user-agents.

After searching, I heard that some Macs prefer ChaCha20-Poly1305 on safari and curl, but this phenomenon does not happen on all Macs. But this can also explain the user-agents of this cipher suite.

ChaCha20-Poly1305 used to be popular, but as old electronic devices are retired, many devices in use now support AES, so it may not be unreasonable for these TLS clients' behavior to prefer AES-GCM by default. But there are still some hardware, such as Raspberry Pi, which does not support AES hardware for some reason, so we still need it and it would also enrich our parrot list. If not looking for old devices, looking for it from Raspberry Pi and these Macs may be a direction. I also want to ask how tlsfingerprint.io automatically records the User-Agent corresponding to the TLS fingerprint?

[gaukas]

some Macs prefer ChaCha20-Poly1305 on safari and curl

If we can get a solid evidence that a relatively popular client MAY generate a certain TLS Fingerprint preferring CHACHA20-POLY1305, it would also be acceptable. However in that case tlsfingerprint.io may not be very helpful.

how tlsfingerprint.io automatically records the User-Agent corresponding to the TLS fingerprint

It only records the user-agent reported by the HTTP client visiting our site. So... it is not really trustworthy, could be of reference though.