[tor-commits] [obfs4/master] transports/meeklite: Tweak the TLS configuration

yawning at torproject.org yawning at torproject.org
Mon Mar 18 01:49:30 UTC 2019


commit ca6765e3e3995144df2b1ca9f0e9d823a7f8a47c
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Mon Mar 18 01:48:32 2019 +0000

    transports/meeklite: Tweak the TLS configuration
---
 transports/meeklite/transport.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/transports/meeklite/transport.go b/transports/meeklite/transport.go
index 85da3e2..8ea865f 100644
--- a/transports/meeklite/transport.go
+++ b/transports/meeklite/transport.go
@@ -149,7 +149,15 @@ func (rt *roundTripper) dialTLS(network, addr string) (net.Conn, error) {
 		log.Warnf("meek_lite - HPKP disabled for host: %v", host)
 	}
 
-	conn := utls.UClient(rawConn, &utls.Config{ServerName: host, VerifyPeerCertificate: verifyPeerCertificateFn}, *rt.clientHelloID)
+	conn := utls.UClient(rawConn, &utls.Config{
+		ServerName:            host,
+		VerifyPeerCertificate: verifyPeerCertificateFn,
+
+		// `crypto/tls` gradually ramps up the record size.  While this is
+		// a good optimization and is a relatively common server feature,
+		// neither Firefox nor Chromium appear to use such optimizations.
+		DynamicRecordSizingDisabled: true,
+	}, *rt.clientHelloID)
 	if err = conn.Handshake(); err != nil {
 		conn.Close()
 		return nil, err
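Review bot: The comment above `DynamicRecordSizingDisabled: true` records what Firefox and Chromium do but not why that matters to this transport, and the flag is applied for every value of `*rt.clientHelloID`. Presumably the goal is that record sizes on the wire stay consistent with the browser whose ClientHello is being imitated; saying so directly would help the next maintainer, e.g. `// Keep record sizing consistent with the browser ClientHello being imitated.` If a ClientHello ID that does not imitate one of those browsers can reach this call, the comment should state that disabling is still intended, or the setting should depend on the ID. dialTLS begins before and continues past this hunk, so how `verifyPeerCertificateFn` is set when the "HPKP disabled" warning fires is not visible here.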


