Comments (4)
gaukas
commented on July 19, 2024
Unfortunately FAKE_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9F) is not a real cipher suite supported cipher suite by uTLS. Being a FAKE_ cipher means, uTLS supports advertising it in the ClientHello but will not be able to work with it.
Line 65 in 30f5a69
Would you be interested in trying to implement it? I am open to a PR, but here is a warning: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is a weak cipher in TLS 1.2 and has been deprecated. Even if someone comes with a PR, it will not be merged into uTLS until a // Deprecated: flag is properly added.
from utls.
gaukas
commented on July 19, 2024
Just curious, is it that your server or someone else's server preferring a weak cipher? A more proper way in terms of security to handle this, instead of connecting to the server WITH the 0x009f cipher, is to notify the admin about this vulnerability.
(Of course, unless it is you trying to break the known weak ciphers, then have fun!)
from utls.
let4be
commented on July 19, 2024
It's someone else's server I'm trying to connect to.
(Curl's clienthello)
from utls.
gaukas
commented on July 19, 2024
In that case, it is super weird and vulnerable. Possibly it is running an outdated TLS server. But for now, unfortunately I'm afraid there's no proper workaround to allow you to handshake with something that uTLS does not really implement.
from utls.
Related Issues (20)
- Cannot install in Docker base image alpine (package crypto/ecdh is not in GOROOT) HOT 5
- panic: tls: setSessionTicketExt failed: invalid state HOT 3
- Support for padding extension HOT 6
- feat: GREASE ECH Extension HOT 4
- bump Auto parrot for Firefox and Chrome
- bug: configuration for GREASE ECH parrot for Chrome 120 doesn't match BoringSSL HOT 7
- HelloFirefox* gets an ECDSA verification failure HOT 4
- FingerprintClientHello support for GREASE ECH extension
- Weird observation regarding ClientId and Spec HOT 9
- B uTLS does not support 0xFB1A as max version,add ja3 tls error,roundTripper error HOT 7
- crypto/ecdh is not in GOROOT (Go 1.18) HOT 1
- Secured Renegotiation is not supported HOT 10
- What is the hash function of the fingerprint in utls? HOT 6
- HTTP2 (akamai) fingerprint always same? HOT 1
- Example ImportTLSClientHelloFromJSON HOT 6
- Towards better versioning policy HOT 4
- bug: `(*Conn).Handshake()` is called upon `(*UConn).Read()` HOT 3
- *.tlsfingerprint.io down? HOT 6
- Any plans implements in Python HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from utls.