commit 90d82c205c0269b87de5a6956e485225f8a9a2cb
Author: David Fifield david@bamsoftware.com
Date: Thu Jan 10 22:11:10 2019 -0700
Use the utls HelloRandomizedNoALPN handshake.
Since we cannot use any handshake that has a "h2" ALPN (like HelloFirefox_63 or HelloChrome_70), let's use a randomized handshake. HelloRandomizedNoALPN differs from HelloRandomized and HelloRandomizedALPN in that it always omits ALPN.
The http.Transport still appears to make 10 independent connections, each with its own randomized fingerprint... --- meek-client/meek-client.go | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go index 5853428..4f5aadd 100644 --- a/meek-client/meek-client.go +++ b/meek-client/meek-client.go @@ -451,18 +451,8 @@ func main() { if err != nil { return nil, err } - uconn := tls.UClient(conn, config, tls.HelloChrome_Auto) - // We cannot call uconn.Handshake() here: it causes the server - // to use HTTP/2, when the client is still using HTTP/1.1, - // because net/http disables automatic HTTP/2 support when using - // DialTLS. - // https://github.com/golang/go/issues/21753 - // "Auto-HTTP/2 is disabled by DialTLS being set" - // https://github.com/golang/go/issues/21336 - // But: returning without calling uconn.Handshake causes the - // ClientHello to lack the ALPN extension entirely... - // - // err = uconn.Handshake() + uconn := tls.UClient(conn, config, tls.HelloRandomizedNoALPN) + err = uconn.Handshake() return uconn, err }
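Review bot: At `err = uconn.Handshake()` followed directly by `return uconn, err`, a failed handshake hands back a non-nil uconn together with the error and nothing in the visible lines closes conn. Check err after the handshake, close the connection on failure, and return nil, err, matching the `return nil, err` in the context lines just above. The deleted comment was also the only place in this function that explained why an "h2" ALPN cannot be offered when DialTLS is set (golang/go issues 21753 and 21336); a one-line comment next to `tls.HelloRandomizedNoALPN` pointing at those issues would keep a later change from swapping in a fingerprint that advertises ALPN.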
tor-commits@lists.torproject.org