Do Chrome and Firefox send random values rather than the actual timestamp in ClientHello of TLS?

Question

I'm doing some analysis of TLS in different browsers (using Safari, Chrome, and Firefox) and have noticed that while Safari sends the correct unix timestamp, Chrome and Firefox send random values each time it send the ClientHello. Is this by design?

To the close voter...This is fundamentally a question about TLS implementation and as such should be on-topic here. — Xander, Apr 02 '15 at 00:55
@Xander raises hand I was thinking this was a browser-specific question, and not so much a pure TLS question. Retracting vote. — schroeder, Apr 02 '15 at 02:53
By the way, draft TLS 1.3 officially eliminates the timestamp thing, making the whole random value... random. — Matt Nordhoff, Apr 02 '15 at 09:02
By the way, OpenSSL stopped sending the timestamp in 1.0.1f. — Matt Nordhoff, Apr 02 '15 at 09:11

score 35 · Accepted Answer · edited Oct 07 '21 at 07:59

35

Yes, this is by design. The actual time is not important to TLS, and was only added to the ClientHello by the protocol as a protection against bad random number generation impacting the rest of the random data required as a part of the message.

Since it is not important, the protocol specifically states that it is not required to be the correct time*. The makers of some browsers have therefore decided to randomly skew the time portion of the random element in each ClientHello message they send.

A main reason for this is to aid in preventing tracking, an impetus which came from Tor - see the Mozilla post about this decision.

*RFC 2246/5246 § 7.4.1.2. Client hello:

Clocks are not required to be set correctly by the basic TLS Protocol;

edited Oct 07 '21 at 07:59

Community

1

answered Apr 02 '15 at 00:36

Xander

35,796
27
116
144

3

What was the reason behind this? Preventing tracking? – Steve Sether Apr 02 '15 at 05:52
3

@SteveSether Yes. The impetus came from Tor. – Matt Nordhoff Apr 02 '15 at 09:27
"by be" -> "to be" – Apr 02 '15 at 10:55
Ah, cool, thanks! I read the section for gmt_unix_time in the protocol spec but I think I glanced over the part that says it's not required to be correct. Would you mind updating your answer to include the spec section that discusses it, for future visitors? – josh Apr 02 '15 at 17:01
@JoshuaSmock Sure thing, done. – Xander Apr 02 '15 at 17:10
1

@SteveSether the Client Hello is transfered in plaintext and each computer's clock is off by a specific amount (eg 12 ms) from an atomic clock reading. By seeing this time, one could in theory identify the source of an SSL request even though it went through an anonymous proxy such as Tor. – user1122069 Apr 03 '15 at 12:17
@user1122069 Thanks. That's precisely what I expected. – Steve Sether Apr 06 '15 at 03:41

Do Chrome and Firefox send random values rather than the actual timestamp in ClientHello of TLS?

1 Answers1