Muddy Boots TLS #574
Description
An evil exit Node can't penetrate TLS encryption, but it can add large amounts of garbage ("mud") to the end of each TLS response packet, which the browser will discard, forcing the originating Node to pay too much money for exit and routing services. However, it can't disturb the packet-length field in the fourth and fifth bytes of the packet (16-bit big-endian), or the signature validation will fail.
In the Proxy Server, before relaying a TLS packet to the client, check its length against the length field in the packet. If the actual packet length is longer than the advertised packet length, malefactor-ban the exit Node and remove the route. Make sure this change is isolated to TLS-handling code only: we also handle other protocols that put other things in those two bytes.
Since this probably means the user will lose any application sessions he had going with the server (because different exit Node), provide some kind of alert so that the user knows why the session was broken.