commit ca6765e3e3995144df2b1ca9f0e9d823a7f8a47c Author: Yawning Angel yawning@schwanenlied.me Date: Mon Mar 18 01:48:32 2019 +0000
transports/meeklite: Tweak the TLS configuration --- transports/meeklite/transport.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/transports/meeklite/transport.go b/transports/meeklite/transport.go
index 85da3e2..8ea865f 100644
--- a/transports/meeklite/transport.go
+++ b/transports/meeklite/transport.go
@@ -149,7 +149,15 @@ func (rt *roundTripper) dialTLS(network, addr string) (net.Conn, error) {
 log.Warnf("meek_lite - HPKP disabled for host: %v", host)
 }
- conn := utls.UClient(rawConn, &utls.Config{ServerName: host, VerifyPeerCertificate: verifyPeerCertificateFn}, *rt.clientHelloID)
+ conn := utls.UClient(rawConn, &utls.Config{
+ ServerName: host,
+ VerifyPeerCertificate: verifyPeerCertificateFn,
+
+ // `crypto/tls` gradually ramps up the record size. While this is
+ // a good optimization and is a relatively common server feature,
+ // neither Firefox nor Chromium appear to use such optimizations.
+ DynamicRecordSizingDisabled: true,
+ }, *rt.clientHelloID)
 if err = conn.Handshake(); err != nil {
 conn.Close()
 return nil, err
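Review bot: `DynamicRecordSizingDisabled: true` is set unconditionally in the new `utls.Config` literal, while the handshake profile is whatever `*rt.clientHelloID` selects, so the record-size behaviour matches the imitated client only as long as every permitted ID is a Firefox or Chromium profile. The hunk does not show how that ID is chosen or validated; if a non-browser profile can ever be selected, the fixed setting would make the connection look less like that client rather than more. I would record the assumption next to the field, e.g. `// Assumes *rt.clientHelloID is a browser profile; revisit if other IDs are accepted.`, and extend the existing comment with the browser versions the observation was made against so it can be rechecked later. dialTLS begins and ends outside this hunk.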