-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new ClientHellos and Extensions #116
Conversation
Certificate compression is defined in RFC 8879: https://datatracker.ietf.org/doc/html/rfc8879 This implementation is client-side only, for server certificates.
…4372a99cb162eb70e8d5f - At this commit, github.com/Noooste/utls remained at the original upstream LICENSE
@@ -79,7 +79,7 @@ func (e *SNIExtension) Read(b []byte) (int, error) { | |||
b[0] = byte(extensionServerName >> 8) | |||
b[1] = byte(extensionServerName) | |||
b[2] = byte((len(hostName) + 5) >> 8) | |||
b[3] = byte((len(hostName) + 5)) | |||
b[3] = byte(len(hostName) + 5) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thank you @rp-psiphon, and also thanks to @Psiphon-Labs, @rod-hynes, @sleeyax and @Noooste! |
pointFormatUncompressed, | ||
}}, | ||
&SessionTicketExtension{}, | ||
&ALPNExtension{AlpnProtocols: []string{"h2", "http/1.1"}}, | ||
&ALPNExtension{AlpnProtocols: []string{"h2"}}, //application_layer_protocol_negotiation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
HelloFirefox_102
here should have ALPN {"h2", "http/1.1"}
https://tlsfingerprint.io/compare/7161e10829541aab/b250617dca0ac79f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting. According to TLSfingerprint.io, the current fingerprint with only h2 is also a fingerprint of Firefox 102.
But I agree that we may want to move toward one with better compatibility.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On a second thought, I decide not to change it. Since we have Firefox 105 which is essentially b250617dca0ac79f, we want to preserve the variety.
* Implement certificate compression Certificate compression is defined in RFC 8879: https://datatracker.ietf.org/doc/html/rfc8879 This implementation is client-side only, for server certificates. * Fix missing LOC * Add more fingerprints * Implement ALPS extension * Merge commit https://github.com/Noooste/utls/blob/fcaacdbbe7adfd23f754372a99cb162eb70e8d5f - At this commit, github.com/Noooste/utls remained at the original upstream LICENSE * added HelloChrome102 and HelloFirefox102 * Randomly include ALPS in HelloRandomized Co-authored-by: Harry Harpham <[email protected]> Co-authored-by: Sleeyax <[email protected]> Co-authored-by: Rod Hynes <[email protected]>
* Implement certificate compression Certificate compression is defined in RFC 8879: https://datatracker.ietf.org/doc/html/rfc8879 This implementation is client-side only, for server certificates. * Fix missing LOC * Add more fingerprints * Implement ALPS extension * Merge commit https://github.com/Noooste/utls/blob/fcaacdbbe7adfd23f754372a99cb162eb70e8d5f - At this commit, github.com/Noooste/utls remained at the original upstream LICENSE * added HelloChrome102 and HelloFirefox102 * Randomly include ALPS in HelloRandomized Co-authored-by: Harry Harpham <[email protected]> Co-authored-by: Sleeyax <[email protected]> Co-authored-by: Rod Hynes <[email protected]>
Various ClientHellos and TLS extensions are included in this PR, from Psiphon-Labs , Noooste, and sleeyax.
Fingerprints and extensions were tested by comparing Wireshark captures from our ClientHellos to captures from real browsers (and the extensions being used).
Psiphon-Labs :
sleeyax:
Noooste: