TLS error when connecting to node-Tor bridge

[NullHypothesis]

I set up a node-Tor bridge as described in the manual and the installation worked fine. However, when I try to connect to the bridge, the TLS handshake fails because there's apparently no shared cipher. The node.js log says the following:

Sun Dec 07 2014 20:18:31 GMT+0100 (CET)Error: 139704662415232:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1360:

    at SlabBuffer.use (tls.js:234:18)
    at CleartextStream.read [as _read] (tls.js:454:29)
    at CleartextStream.Readable.read (_stream_readable.js:340:10)
    at callback (tls.js:840:20)
    at SecurePair.onclienthello (tls.js:847:5)
    at EncryptedStream.write [as _write] (tls.js:359:31)
    at doWrite (_stream_writable.js:225:10)
    at writeOrBuffer (_stream_writable.js:215:5)
    at EncryptedStream.Writable.write (_stream_writable.js:182:11)
    at Socket.<anonymous> (/home/phw/active_probing_experiment/bridge_setup/node_modules/node-Tor-min.js:170:14102)Sun Dec 07 2014 20:18:33 GMT+0100 (CET)Error: 139704662415232:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:../deps/openssl/openssl/ssl/s3_srvr.c:1360:

I'm not sure what to make of that because it looks like there are shared ciphers. When executing the following test script, I see that the Tor client and node-Tor share at least TLS_ECDHE_RSA_AES_128_GCM_SHA256:

var tls = require('tls');
var ciphers = tls.getCiphers();
console.log(ciphers);

I'm running Ubuntu 14.04 LTS with Ubuntu's node.js in version 0.10.25.

Any ideas what's going on here?

[Ayms]

I suppose that you have tried http://peersm.com/peersm#IP:port when you attempt to connect to the bridge, correct?

node v0.10.x does not work fine with node-Tor, you need first to upgrade to v0.11.9 (stable version for node-Tor) or v0.11.14 (upgraded recently, seems stable too)

And I just upgraded node-Tor-min.js in the install repo which I forgot to do following the latest changes.

You might see this message "createSecurePair() is deprecated (debug.txt at root), use TLSSocket instead" but that's not blocking, it's on my TODO list.

What do you see in debug-prod.txt?

If the problem persists, thanks to send me the IP:port of the bridge so I can try it.

[NullHypothesis]

Upgrading to the most recent node.js did the job, thanks Ayms! I should have read the last section of the instructions more carefully, my apologies.

Ultimately, I'm interested in having a node-Tor installation (a bridge or a relay such as the "ordb" relays) which can directly deal with incoming Tor connections instead of Websocket connections. Do you happen to have instructions for that as well?

[Ayms]

You're welcome, I will update the doc, it's not very clear which node version should be used.

Could you please give more details about what you expect from the ordb-like (you want a full OR, an entry point OR, a socks OP, you want to install it yourself of be able to access it, etc)? Here or off github if you prefer, node-Tor has many options, for example right now the ordbs do not extend circuits in order not to mix Peersm and Tor traffic, Kartsen knows about it, he doesn't like it a lot but that's temporary.

[NullHypothesis]

Here's the full story: I'm currently researching Internet censorship in China and it turns out that the "ordb" node-Tor relays are not censored in China in contrast to pretty much all standard Tor relays. First, you have to know that China blocks relays by actively probing them, i.e., they connect and try to speak the Tor protocol to a relay. If that works, the IP:port pair is blocked. If not, the host remains unblocked. We believe that the node-Tor relays are unblocked because the Tor protocol is implemented differently which makes the Great Firewall believe that they are not dealing with an actual Tor relay.

I want to verify our hypothesis and set up a node-Tor based relay or bridge which is able to accept direct Tor connections (as opposed to SOCKS connections). Then, I want to figure out what the Great Firewall is doing and why the node-Tor relays are unblocked. The circuit extension shortcoming is not an issue for me.

[Ayms]

Interesting, I don't see very well how the great firewall (which btw Peersm easily passes) would not detect node-Tor nodes as Tor nodes but can't you test with ordb2 for example?

[NullHypothesis]

The best way to test would be to run a relay or bridge myself. In particular, I'd like to obtain debug logs and traffic dumps.

[Ayms]

I have updated node-Tor-min.js in install, you can use it with the OR port 6666.

I have never tested node-Tor with the Tor browser directly, because that was not one of my use cases, doing it I saw that it was not responding to RELAY_BEGIN_DIR cells, then I modified it so it sends back a REASON_NOTDIRECTORY RELAY_END cell but the OP then closes the circuits.

[NullHypothesis]

Closing since the updated node-Tor-min.js now works for me. Thanks!