[tor-commits] [meek/utls] Use the utls HelloRandomizedNoALPN handshake.

dcf at torproject.org dcf at torproject.org
Fri Jan 11 05:53:30 UTC 2019


commit 90d82c205c0269b87de5a6956e485225f8a9a2cb
Author: David Fifield <david at bamsoftware.com>
Date:   Thu Jan 10 22:11:10 2019 -0700

    Use the utls HelloRandomizedNoALPN handshake.
    
    Since we cannot use any handshake that has a "h2" ALPN (like
    HelloFirefox_63 or HelloChrome_70), let's use a randomized handshake.
    HelloRandomizedNoALPN differs from HelloRandomized and
    HelloRandomizedALPN in that it always omits ALPN.
    
    The http.Transport still appears to make 10 independent connections,
    each with its own randomized fingerprint...
---
 meek-client/meek-client.go | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go
index 5853428..4f5aadd 100644
--- a/meek-client/meek-client.go
+++ b/meek-client/meek-client.go
@@ -451,18 +451,8 @@ func main() {
 		if err != nil {
 			return nil, err
 		}
-		uconn := tls.UClient(conn, config, tls.HelloChrome_Auto)
-		// We cannot call uconn.Handshake() here: it causes the server
-		// to use HTTP/2, when the client is still using HTTP/1.1,
-		// because net/http disables automatic HTTP/2 support when using
-		// DialTLS.
-		// https://github.com/golang/go/issues/21753
-		// "Auto-HTTP/2 is disabled by DialTLS being set"
-		// https://github.com/golang/go/issues/21336
-		// But: returning without calling uconn.Handshake causes the
-		// ClientHello to lack the ALPN extension entirely...
-		//
-		// err = uconn.Handshake()
+		uconn := tls.UClient(conn, config, tls.HelloRandomizedNoALPN)
+		err = uconn.Handshake()
 		return uconn, err
 	}
 
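Review bot: when `uconn.Handshake()` fails at the `err = uconn.Handshake()` line, the function still returns the non-nil `uconn` together with `err`, and nothing visible here closes the underlying `conn`. Callers generally discard the connection when the error is non-nil, so the socket can be left open. Consider closing `uconn` on error and returning `nil, err`. Separately, the deleted comment was the only in-code explanation of why an "h2" ALPN handshake cannot be used with DialTLS. A short comment beside `tls.HelloRandomizedNoALPN` stating that the ALPN-free ID is required, with the golang/go issue 21753 reference kept, would stop a later change from swapping in an ALPN-bearing ClientHello ID and reintroducing the HTTP/2 versus HTTP/1.1 mismatch.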


