Skip to content

Tags: refraction-networking/utls

Tags

v1.8.2

Toggle v1.8.2's commit message 
fix: add missing padding extension for chrome 120

Chrome removed this extension when sending pq keyshares but this was
incorrectly removed in utls for the non-pq variant of Chrome 120
fingerprint. Only this fingerprint is effected since newer fingerprints
have pq keyshares by default and older fingerprints have this extension.

Thanks to telegram @acgdaily for reporting this issue.

v1.8.1

Toggle v1.8.1's commit message 
fix: use AES in GREASE ECH for Chrome fingerprint

There is a fingerprint mismatch with Chrome when using GREASE ECH,
having to do with ciphersuite selection. When Chrome selects the
preferred ciphersuite in the outer ClientHello and the ciphersuite for
ECH, it does so consistently based on hardware support. That means, for
example, if it prefers AES for the outer ciphersuite, it would also use
AES for ECH. The Chrome parrot in utls hardcodes AES preference for
outer ciphersuites but selects the ECH ciphersuite randomly between
AES and ChaCha20. So there is a 50% chance of selecting ChaCha20 for
ECH while using AES for the outer ciphersuite, which is impossible in
Chrome.

This commit makes the Chrome parrot use AES only for GREASE ECH,
consistent with the currrent AES outer ciphersuite preference.

I think this is only a problem in GREASE ECH, since in real ECH Chrome
selects the first valid ciphersuite when AES is preferred, which is the
same in utls. So no change is done there.

Thanks to the original reporter for reporting this issue.

v1.8.0

Toggle v1.8.0's commit message 
refactor: remove unused cf circl ech config

Remove code using cloudflare circl's ECHConfig since ech has been
implemented via the standard library. Given that real ech was never
implemented using cf circl code in utls, this shouldn't be breaking any
user's code from what I can tell.

v1.7.3

Toggle v1.7.3's commit message 
feat: generate different ecdhe key for pq key

When the client sends both pq and non-pq keyshares, the ecdhe key was
reused in line with stdlib. However this can be used to fingerprint utls
ClientHellos. Generate different ecdhe keys instead, in line with
Chrome. This will have to change when we support more browsers with
different ways of handling this.

v1.7.2

Toggle v1.7.2's commit message 
fix: prevent copying outer server name in inner

Update ECH outer SNI during ApplyPreset instead of Marshal so that it is
not copied multiple times. Do not override server name in config when
ECH is enabled.

v0.0.2

Toggle v0.0.2's commit message 
feat: randomize minimum TLS version selection

v0.0.1

Toggle v0.0.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
u_parrots.go: Minumum randomized TLS version 1.2

Signed-off-by: nihiloid <nihiloid@gmail.com>

v1.7.1

Toggle v1.7.1's commit message 
change go version number from 1.24.0 to 1.24

v1.7.0

Toggle v1.7.0's commit message 
v1.7.0 update to go 1.24, add ech support, fix bugs

v1.6.7-chrome-133-fix

Toggle v1.6.7-chrome-133-fix's commit message

Verified

This commit was signed with the committer’s verified signature.
BRUHItsABunny
SSH Key Fingerprint: WkZ7ZZ9oYLkNXaQ2me36ItndVdjSxKW07uhTbzlh/xA
Verified
Learn about vigilant mode 
feat: support new codepoint in ECH