mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-04 05:37:38 +03:00
Code Issues Projects Releases Packages Wiki Activity

Don't drop to TLS 1.2 if TLS 1.3 suite

Browse source 
Only scan the suites if we have a suites and we also keep the cipher suite and don't drop to tls 1.2 if it is an tls 1.3 suite.
This commit is contained in:
ACE 2025-01-27 01:54:27 +02:00 committed by GitHub
parent 4c8c968c4f
commit 2a49855e0b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
dnscrypt-proxy/xtransport.go
View file

@ -226,9 +226,7 @@ func (xTransport *XTransport) rebuildTransport() {
} else {
tlsClientConfig.ClientSessionCache = tls.NewLRUClientSessionCache(10)
}
if xTransport.tlsCipherSuite != nil {
tlsClientConfig.PreferServerCipherSuites = false
tlsClientConfig.MaxVersion = tls.VersionTLS13
if xTransport.tlsCipherSuite != nil && len(xTransport.tlsCipherSuite) > 0 && xTransport.keepCipherSuite == true {
var tls13 = "198 199 4865 4866 4867 4868 4869 49332 49333"
var only13 = 0
var SuitesCount = 0
@ -239,12 +237,14 @@ func (xTransport *XTransport) rebuildTransport() {
}
only13 += 1
}
if xTransport.keepCipherSuite == true && only13 != SuitesCount {
if only13 != SuitesCount {
tlsClientConfig.CipherSuites = xTransport.tlsCipherSuite
dlog.Info("Explicit cipher suite configured downgrading to TLS 1.2")
tlsClientConfig.MaxVersion = tls.VersionTLS12
MinTry += 1
}
} else {
tlsClientConfig.MaxVersion = tls.VersionTLS13
}
transport.TLSClientConfig = &tlsClientConfig
if http2Transport, err := http2.ConfigureTransports(transport); err != nil {