Running tls-crypt and SSL together - overkill?

[iwih2gk 93]

First let me say that 2.15.2 is the best stable client yet on Debian!  I have not benchmarked this question.  I wonder if by selecting the protocol to employ both tls-crypt and SSL together I am incurring large speed hits?  Primarily, I am way more interested in security/privacy than speed by a long shot.  In the past I selected SSL because on occasion my ISP would throttle me sometimes without it.  I should probably run straight tls-crypt without SSL and see if I get throttled.  I reside close to many Air Servers that currently support the new tls-crypt protocols.  Rambling sorry.

 

How much speed degradation should a user expect via tls-crypt as the sole control parameter?

[go558a83nk 362]

tls-crypt itself shouldn't give any speed degradation.  The reason SSL has a speed degradation is because it necessitates TCP.  Try using tls-crypt with on a UDP port to see how it works for you.

[iwih2gk 93]

Thanks for the suggestion.  I have a note to change the protocol when I exit this VM and get back to the host.  I remember reading that "maybe" tls-crypt will help with throttling issues.  My ISP isn't terrible about straight 443/80 connections, but sometimes, its irregular.  If using tls-crypt without other wrappers works I'll likely pick up another 20 meg.  Don't get me wrong the whole tunnel is very fast.  My raw line is over 200 and I have never seen below 50 on Air before TOR enters the picture.  Most times I easily exceed 100 +.

[iwih2gk 93]

Quick follow up in case others are playing with the new client protocols.  I am now using UDP - 443 3 and employing tls-crypt per the new client.  NO blocks from my ISP (throttles) noted.  My current speeds through the tunnel are now 215 meg average.  I ran multiple tests through several different systems and averaged the outcome here.  Nice!!  My RAW ISP is slightly over 200 meg so this means almost zero load through the first hop on Air.  Very cool.  It is my hope that tls-crypt will continue to "evade" any ISP throttles.  We'll see.

[serenacat 83]

I noticed this, but have not chased the details, was doing a bit of curious googling of "tls-crypt".

"Dunno about China, but there are reports that tls-crypt doesn't work in Egypt. I'm unsure what method they're using for detection.

They're doing a protocol agnostic packet sequence and size variation match with whitelists for big-business to reduce false-positives."

https://www.reddit.com/r/VPN/comments/856zlp/how_effective_is_tlscrypt_at_bypassing_isp_vpn/

so I guess the next step up would be to fuzz the initial protocol with random chatter packets.

In places like Egypt, Turkey, etc using https:443 might be less likely to attract attention, but presumably also a problem with up to date database(s) of detected commercial VPN entry IP addresses when dealing with SS.

[Staff 9972]

@serenacat

 

Here the reports we have:

 

China: tls-crypt always works in TCP and only sometimes in UDP (due to the fact that in mobile lines UDP is blocked by itself, we presume). OpenVPN over SSL works. tls-crypt is faster.

 

Iran. same as China

UAE: same as China

Egypt: OpenVPN over SSL works. No reports about tls-crypt so far, unfortunately.

Saudi Arabia: same as Egypt

 

Kind regards

[invisible25 0]

OpenVPN over SSL Больше не работает в Туркменистане, хотя работал SSH тоже перестал работать, уважаемые можно найти причину?

Так как SSH и Stunnel работают у 

Windscribe и Torguard

, Можно ли наладить работу SSL ?

[Staff 9972]

Hello!

 

If Windscribe and Torguard work, then the block might be not against the protocols, but against our own IP addresses, we're sorry.

 

Kind regards