Hello all,
I just tagged obfs4proxy-0.0.9. The main features of this release are primarily related to improving the behavior of the `meek_lite` transport.
Since some of the changes are major, I will expand on them separately from the brief summary given in the ChangeLog.
* A forked version[0] of https://github.com/refraction-networking/utls is now used to mask the TLS signature. This results in a ClientHello that should resemble modern versions of Firefox by default. While the utls profile is named `HelloFirefox_63`, a cursory examination leads me to believe that there are no differences in FF 65.
The bridge line option `utls=<fingerprint>` will allow specifying the behavior, with (case-insensitive) string representations of the utls fingerprint names. `none` will revert to the previous behavior.
Not all fingerprints were tested and/or are guaranteed to work. Development was primarily done with `HelloChrome_70`, `HelloFirefox_63`, and `HelloChrome_71` (experimental). While I cannot vouch for the mimicry accuracy of every single profile, all of the profiles that attempt to mimic browsers should function fairly well[1], though this partially depends on the configuration of the host doing the fronting.
* meek_lite now has HPKP[2] style public key pins for all of the Microsoft CA certs that are used to sign Azure leaf certificates. This is only enabled when `utls` is being used, because I'm lazy. If Microsoft happens to change their CA certificates prior to the next release, 2024-05-20, or you are ok with being actively man-in-the-middled for some reason, adding `disableHPKP=true` to the bridge line will disable certificate pin validation.
HPKP headers in HTTP responses are ignored, only the static pin list is consulted.
* Due to a shift in my philosophy, portions of the new code are released under the GNU General Public License v3. Exceptions to the viral nature of the license will be considered on a case-by-case basis. Contact me for more details.
Tarball/Signature: https://people.torproject.org/~yawning/releases/obfs4proxy/obfs4proxy-0.0.9.... https://people.torproject.org/~yawning/releases/obfs4proxy/obfs4proxy-0.0.9....
Changes in version 0.0.9 - 2019-02-05:
 - Various meek_lite code cleanups and bug fixes.
 - Bug 29077: uTLS for ClientHello camouflage (meek_lite).
 - More fixes to HTTP Basic auth.
 - (meek_lite) Pin the certificate chain public keys for the default Tor Browser Azure bridge (meek_lite).
Regards,
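
The static pin check described in the HPKP item above, sketched in Go as an added example; it is not obfs4proxy's own code. The function names, the `disableHPKP` parameter shape, and the throwaway certificates are assumptions constructed for illustration, and no real pin values are reproduced.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the HPKP-style pin: base64(SHA-256(DER SubjectPublicKeyInfo)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPins accepts a peer chain (e.g. tls.ConnectionState.PeerCertificates) if any
// certificate's key is in the static pin set. disableHPKP models the bridge-line option.
func checkPins(chain []*x509.Certificate, pins map[string]bool, disableHPKP bool) error {
	if disableHPKP {
		return nil
	}
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return nil
		}
	}
	return fmt.Errorf("pin validation failed: none of %d chain keys is pinned", len(chain))
}

// newConstructedCert makes a throwaway self-signed certificate (sample input only).
func newConstructedCert(cn string) (*x509.Certificate, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return x509.ParseCertificate(der)
}

func main() {
	ca, _ := newConstructedCert("constructed pinned CA")
	other, _ := newConstructedCert("constructed unpinned CA")
	pins := map[string]bool{spkiPin(ca): true}
	fmt.Println(checkPins([]*x509.Certificate{ca}, pins, false), checkPins([]*x509.Certificate{other}, pins, false))
}
```

Because the pin covers the SubjectPublicKeyInfo rather than the whole certificate, a CA certificate reissued with the same key still matches, while a chain signed by any other CA is rejected even if the system trust store accepts it.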