We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sending TLS_EMPTY_RENEGOTIATION_INFO is OpenSSL's specific and usually be treated as a bot.
Is there a way to not send it ?
Code:
import tlslite import socket from tlslite.integration import * from tlslite.tlsconnection import TLSConnection settings = tlslite.HandshakeSettings() settings.sendFallbackSCSV = False settings.cipherNames = ["aes128gcm", "chacha20-poly1305", "aes256gcm"] s = socket.socket() s.settimeout(100) s.connect(("tls.peet.ws", 443)) s.settimeout(None) c = TLSConnection(s) c.handshakeClientCert(settings=settings) c.sendall(b'''GET /api/all HTTP/1.1\r\nHost: tls.peet.ws\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/jxl,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\n''') content = b'' while True: data = c.recv(4028) if data == b'': break content += data print(content)
Result:
b'HTTP/1.1 200 OK\r\nContent-Length: 2805\r\nContent-Type: application/json; charset=utf-8\r\nServer: TrackMe\r\n\r\n{\n "ip": "14.177.213.243:60591",\n "http_version": "HTTP/1.1",\n "method": "GET",\n "tls": {\n "ciphers": [\n "TLS_EMPTY_RENEGOTIATION_INFO",\n "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",\n "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",\n "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",\n "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",\n "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",\n "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",\n "TLS_RSA_WITH_AES_256_GCM_SHA384",\n "TLS_RSA_WITH_AES_128_GCM_SHA256"\n ],\n "extensions": [\n {\n "name": "encrypt_then_mac (22)",\n "data": ""\n },\n {\n "name": "extended_master_secret (23)",\n "master_secret_data": "",\n "extended_master_secret_data": ""\n },\n {\n "name": "ec_point_formats (11)",\n "elliptic_curves_point_formats": [\n "0x00"\n ]\n },\n {\n "name": "supported_groups (10)",\n "supported_groups": [\n "X25519 (29)",\n "X448 (30)",\n "P-384 (24)",\n "P-256 (23)",\n "P-521 (25)",\n "ffdhe2048 (256)",\n "ffdhe3072 (257)",\n "ffdhe4096 (258)",\n "ffdhe6144 (259)",\n "ffdhe8192 (260)"\n ]\n },\n {\n "name": "signature_algorithms (13)",\n "signature_algorithms": [\n "rsa_pss_rsae_sha512",\n "rsa_pss_rsae_sha384",\n "rsa_pss_rsae_sha256",\n "rsa_pkcs1_sha512",\n "rsa_pkcs1_sha384",\n "rsa_pkcs1_sha256",\n "0x301",\n "rsa_pkcs1_sha1"\n ]\n },\n {\n "name": "cert_type (9)",\n "data": "0100"\n }\n ],\n "tls_version_record": "771",\n "tls_version_negotiated": "771",\n "ja3": "771,255-52392-49200-49199-52394-159-158-157-156,22-23-11-10-13-9,29-30-24-23-25-256-257-258-259-260,0",\n "ja3_hash": "5f76d72163bd108e030427e44e671465",\n "peetprint": "||29-30-24-23-25-256-257-258-259-260|2054-2053-2052-1537-1281-1025-769-513|0||255-52392-49200-49199-52394-159-158-157-156|10-11-13-22-23-9",\n "peetprint_hash": "57c813e9ab2472fe6389340d26a2d158",\n "client_random": "caa0cbef7f55621cb6d593127eb1399ae9c68c2460cfc9a967da0e947f2d70a7",\n "session_id": ""\n },\n "http1": {\n "headers": [\n "Host: tls.peet.ws",\n "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0",\n "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/jxl,image/webp,*/*;q=0.8",\n "Accept-Language: en-US,en;q=0.5",\n "Accept-Encoding: gzip, deflate, br",\n "Connection: keep-alive",\n "Upgrade-Insecure-Requests: 1",\n "Sec-Fetch-Dest: document",\n "Sec-Fetch-Mode: navigate",\n "Sec-Fetch-Site: none",\n "Sec-Fetch-User: ?1"\n ]\n }\n}\r\n\r\n'
The text was updated successfully, but these errors were encountered:
TLS_FALLBACK_SCSV is different than TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_FALLBACK_SCSV
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
there is not setting to control TLS_EMPTY_RENEGOTIATION_INFO_SCSV, it's always sent: https://github.com/tlsfuzzer/tlslite-ng/blob/master/tlslite/tlsconnection.py#L680C4-L680C4
Sorry, something went wrong.
No branches or pull requests
Sending TLS_EMPTY_RENEGOTIATION_INFO is OpenSSL's specific and usually be treated as a bot.
Is there a way to not send it ?
Code:
Result:
The text was updated successfully, but these errors were encountered: