Call For Parrots: CHACHA20-POLY1305 preferred parrots

[H1JK]

All parrots found in u_parrots.go are AES-GCM preferred. For the browser being parroted, this is fine because they have constant-time AES-GCM implementation that Go does not have. So using AES-GCM on 32-bit devices or devices w/o AES/GHASH acceleration might be bad for Go.

Introducing another constant-time AES implementation can also make sence, but I wonder if we can introduce some CHACHA20-POLY1305 preferred parrots to guarantee both speed and safety on those platforms? That would be great!

For example, I have found these 2 client on ssllabs.com that meet my expectation:
https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=12.1.1&platform=iOS%2012.3.1&key=166
https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=9.0&key=158

[gaukas]

I think it is a good idea in terms of enriching the available parrots. Could you please provide either a PR or tlsfingerprint.io links to example clienthello messages (e.g., the ones you mentioned). Much obliged!

[H1JK]

tlsfingerprint.io has limited search capabilities, and I couldn't do a fuzzy match (or don't know how) to the CHACHA20-POLY1305 preferred parrot, but I got the following two with the help of Google: (not the ssllabs parrots above)

https://tlsfingerprint.io/id/ddac9f85dfdf63e0

https://tlsfingerprint.io/id/e666bf5b327d4391

Do you have access to the tlsfingerprint.io database? Maybe you can search database directly to find a more suitable parrot. I'm tired of frequent errors occurred on tlsfingerprint.io :-( (it's still returning status code 500 now)

[gaukas]

Bummer... I will take care of the tlsfingerprint.io first i guess.

[DerekMarshall]

@gaukas would you want help with tlsfingerprint.io?

[gaukas]

We are currently working on renovating the tlsfingerprint.io by rewriting a lot of stuff. Once some preliminary work is done we could definitely use your help! I really appreciate it.

[H1JK]

I'm sorry to cause you trouble. Your work really helps a lot of us, thank you for your hard work!

[gaukas]

some indirectly relevant updates on this: today we finally migrated + upgraded tlsfingerprint.io (see refraction-networking/tls-fingerprint#11 for code if interested), so I will be able to spend more time to work on this issue.

(It turns out that our server is still unstable, though, hopefully it will get fixed in the future.)

[gaukas]

Following up on this issue: it doesn't look like there is any popular (>1% of all the connections in a week) parrots preferring TLS_CHACHA20_POLY1305_SHA256 (searched by CipherSuites start with 0x1303 or 0x0a0a, 0x1303) being observed by tlsfingerprint.io. It would be really interesting to see if any popular TLS Client implementation, either a web browser or some other applications preferring this cipher.

[gaukas]

@H1JK, should it be possible, please refer me to any resource about this cipher suite, either a discussion thread about it, or any "popular" source advertising it.

I am really curious about it, since you brought this up while there seemed to be little to no well-known instance preferring this ciphersuite.