diff --git a/component/tls/reality.go b/component/tls/reality.go
index 2dcffabcb..d99780fce 100644
--- a/component/tls/reality.go
+++ b/component/tls/reality.go
@@ -26,7 +26,6 @@ import (
 	utls "github.com/metacubex/utls"
 	"golang.org/x/crypto/chacha20poly1305"
 	"golang.org/x/crypto/hkdf"
-	"golang.org/x/exp/slices"
 	"golang.org/x/net/http2"
 )
 
@@ -51,6 +50,10 @@ func GetRealityConn(ctx context.Context, conn net.Conn, fingerprint UClientHello
 		VerifyPeerCertificate: verifier.VerifyPeerCertificate,
 	}
 
+	if !realityConfig.SupportX25519MLKEM768 && fingerprint == HelloChrome_Auto {
+		fingerprint = HelloChrome_120 // old reality server doesn't work with X25519MLKEM768
+	}
+
 	uConn := utls.UClient(conn, uConfig, fingerprint)
 	verifier.UConn = uConn
 	err := uConn.BuildHandshakeState()
@@ -58,29 +61,6 @@ func GetRealityConn(ctx context.Context, conn net.Conn, fingerprint UClientHello
 		return nil, err
 	}
 
-	if !realityConfig.SupportX25519MLKEM768 {
-		// ------for X25519MLKEM768 does not work properly with the old reality server-------
-		// Iterate over extensions and check
-		for _, extension := range uConn.Extensions {
-			if ce, ok := extension.(*utls.SupportedCurvesExtension); ok {
-				ce.Curves = slices.DeleteFunc(ce.Curves, func(curveID utls.CurveID) bool {
-					return curveID == utls.X25519MLKEM768
-				})
-			}
-			if ks, ok := extension.(*utls.KeyShareExtension); ok {
-				ks.KeyShares = slices.DeleteFunc(ks.KeyShares, func(share utls.KeyShare) bool {
-					return share.Group == utls.X25519MLKEM768
-				})
-			}
-		}
-		// Rebuild the client hello
-		err = uConn.BuildHandshakeState()
-		if err != nil {
-			return nil, err
-		}
-		// --------------------------------------------------------------------
-	}
-
 	hello := uConn.HandshakeState.Hello
 	rawSessionID := hello.Raw[39 : 39+32] // the location of session ID
 	for i := range rawSessionID { // https://github.com/golang/go/issues/5373
diff --git a/component/tls/utls.go b/component/tls/utls.go
index 3a9312b3f..fd5f0e544 100644
--- a/component/tls/utls.go
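Review bot: The new fallback in the second hunk only fires for `fingerprint == HelloChrome_Auto`, whereas the extension-stripping it replaces (third hunk) removed X25519MLKEM768 from whatever fingerprint was selected; any other fingerprint that advertises that group in this utls version (other `_Auto` IDs, or a randomized one) will presumably still send the key share to a server without SupportX25519MLKEM768 and fail the handshake as before, with no log or error explaining why. Either keep a generic strip for the non-Chrome case or make the narrowed scope explicit next to the check, e.g. `// Only HelloChrome_Auto is downgraded here; other fingerprints are sent unchanged and may not work with servers lacking X25519MLKEM768 support.` The struct comparison with `==` also relies on the pointer fields of the predefined IDs being nil, which may not hold for a caller-built ClientHelloID (hedged: depends on the utls struct layout). GetRealityConn begins before this hunk and continues after it.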
+++ b/component/tls/utls.go
@@ -16,6 +16,7 @@ type Conn = utls.Conn
 type UConn = utls.UConn
 type UClientHelloID = utls.ClientHelloID
 
+const VersionTLS12 = utls.VersionTLS12
 const VersionTLS13 = utls.VersionTLS13
 
 func Client(c net.Conn, config *utls.Config) *Conn {
@@ -26,6 +27,10 @@ func UClient(c net.Conn, config *utls.Config, fingerprint UClientHelloID) *UConn
 	return utls.UClient(c, config, fingerprint)
 }
 
+func Server(c net.Conn, config *utls.Config) *Conn {
+	return utls.Server(c, config)
+}
+
 func NewListener(inner net.Listener, config *Config) net.Listener {
 	return utls.NewListener(inner, config)
 }
@@ -69,21 +74,26 @@ var randomFingerprint = once.OnceValue(func() UClientHelloID {
 	return fingerprint
 })
 
+var HelloChrome_Auto = utls.HelloChrome_Auto
+var HelloChrome_120 = utls.HelloChrome_120 // special fingerprint for some old protocols doesn't work with HelloChrome_Auto
+
 var fingerprints = map[string]UClientHelloID{
-	"chrome": utls.HelloChrome_Auto,
+	"chrome": utls.HelloChrome_Auto,
+	"firefox": utls.HelloFirefox_Auto,
+	"safari": utls.HelloSafari_Auto,
+	"ios": utls.HelloIOS_Auto,
+	"android": utls.HelloAndroid_11_OkHttp,
+	"edge": utls.HelloEdge_Auto,
+	"360": utls.Hello360_Auto,
+	"qq": utls.HelloQQ_Auto,
+	"random": {},
+
+	// deprecated fingerprints should not be used
 	"chrome_psk": utls.HelloChrome_100_PSK,
 	"chrome_psk_shuffle": utls.HelloChrome_106_Shuffle,
 	"chrome_padding_psk_shuffle": utls.HelloChrome_114_Padding_PSK_Shuf,
 	"chrome_pq": utls.HelloChrome_115_PQ,
 	"chrome_pq_psk": utls.HelloChrome_115_PQ_PSK,
-	"firefox": utls.HelloFirefox_Auto,
-	"safari": utls.HelloSafari_Auto,
-	"ios": utls.HelloIOS_Auto,
-	"android": utls.HelloAndroid_11_OkHttp,
-	"edge": utls.HelloEdge_Auto,
-	"360": utls.Hello360_Auto,
-	"qq": utls.HelloQQ_Auto,
-	"random": {},
 	"randomized": utls.HelloRandomized,
 }
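Review bot: The trailing comment on the new exported `HelloChrome_120` is ungrammatical and does not say what makes it special, so the reader of utls.go cannot tell why reality.go swaps to it; a doc comment in the usual position would carry the reason, e.g. `// HelloChrome_120 is a pre-post-quantum Chrome fingerprint, used as a fallback for peers (such as older REALITY servers) that cannot handle the X25519MLKEM768 key share offered by HelloChrome_Auto.` `HelloChrome_Auto` should get a one-line doc comment too since it is now part of this package's API. The `// deprecated fingerprints should not be used` comment in the same hunk documents intent only: the entries below it still resolve silently, so consider emitting a deprecation warning wherever `fingerprints` is looked up (that code is outside this hunk). The enclosing map literal may continue past the last visible line.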