Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

new ClientHellos and Extensions #116

Merged
merged 8 commits into from
Sep 7, 2022

Conversation

rp-psiphon
Copy link
Contributor

Various ClientHellos and TLS extensions are included in this PR, from Psiphon-Labs , Noooste, and sleeyax.
Fingerprints and extensions were tested by comparing Wireshark captures from our ClientHellos to captures from real browsers (and the extensions being used).

Psiphon-Labs :

  • HelloChrome102 (tested)
  • HelloFirefox102 (tested)
  • change to HelloRandomized to include ApplicationSettingsExtension

sleeyax:

  • Chrome_87
  • Chrome_96
  • iOS_13 (tested)
  • iOS14 (tested)
  • Android11
  • ApplicationSettingsExtension

Noooste:

  • Firefox99 (tested)
  • Chrome100
  • SignatureAlgorithmsCertExtension
  • DelegatedCredentialsExtension
  • StatusRequest Extension

@gaukas gaukas self-requested a review September 7, 2022 01:59
@@ -79,7 +79,7 @@ func (e *SNIExtension) Read(b []byte) (int, error) {
b[0] = byte(extensionServerName >> 8)
b[1] = byte(extensionServerName)
b[2] = byte((len(hostName) + 5) >> 8)
b[3] = byte((len(hostName) + 5))
b[3] = byte(len(hostName) + 5)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😄

Copy link
Contributor

@gaukas gaukas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gaukas gaukas merged commit f781b69 into refraction-networking:master Sep 7, 2022
@gaukas
Copy link
Contributor

gaukas commented Sep 7, 2022

Thank you @rp-psiphon, and also thanks to @Psiphon-Labs, @rod-hynes, @sleeyax and @Noooste!

pointFormatUncompressed,
}},
&SessionTicketExtension{},
&ALPNExtension{AlpnProtocols: []string{"h2", "http/1.1"}},
&ALPNExtension{AlpnProtocols: []string{"h2"}}, //application_layer_protocol_negotiation
Copy link

@dyhkwong dyhkwong Oct 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HelloFirefox_102 here should have ALPN {"h2", "http/1.1"} https://tlsfingerprint.io/compare/7161e10829541aab/b250617dca0ac79f

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting. According to TLSfingerprint.io, the current fingerprint with only h2 is also a fingerprint of Firefox 102.

But I agree that we may want to move toward one with better compatibility.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On a second thought, I decide not to change it. Since we have Firefox 105 which is essentially b250617dca0ac79f, we want to preserve the variety.

adotkhan pushed a commit to Psiphon-Labs/utls that referenced this pull request Dec 10, 2024
* Implement certificate compression

Certificate compression is defined in RFC 8879:
https://datatracker.ietf.org/doc/html/rfc8879

This implementation is client-side only, for server certificates.

* Fix missing LOC

* Add more fingerprints

* Implement ALPS extension

* Merge commit https://github.com/Noooste/utls/blob/fcaacdbbe7adfd23f754372a99cb162eb70e8d5f

- At this commit, github.com/Noooste/utls remained at the original upstream LICENSE

* added HelloChrome102 and HelloFirefox102

* Randomly include ALPS in HelloRandomized

Co-authored-by: Harry Harpham <[email protected]>
Co-authored-by: Sleeyax <[email protected]>
Co-authored-by: Rod Hynes <[email protected]>
adotkhan pushed a commit to Psiphon-Labs/utls that referenced this pull request Dec 10, 2024
* Implement certificate compression

Certificate compression is defined in RFC 8879:
https://datatracker.ietf.org/doc/html/rfc8879

This implementation is client-side only, for server certificates.

* Fix missing LOC

* Add more fingerprints

* Implement ALPS extension

* Merge commit https://github.com/Noooste/utls/blob/fcaacdbbe7adfd23f754372a99cb162eb70e8d5f

- At this commit, github.com/Noooste/utls remained at the original upstream LICENSE

* added HelloChrome102 and HelloFirefox102

* Randomly include ALPS in HelloRandomized

Co-authored-by: Harry Harpham <[email protected]>
Co-authored-by: Sleeyax <[email protected]>
Co-authored-by: Rod Hynes <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants