mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-04 21:57:44 +03:00
Code Issues Projects Releases Packages Wiki Activity

Update xtransport.go

Browse source 
fix cipher suite on startup error
This commit is contained in:
ACE 2025-01-26 05:54:31 +02:00 committed by GitHub
parent a13df1a5e1
commit a9bfb2adac
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
dnscrypt-proxy/xtransport.go
View file

@ -226,8 +226,7 @@ func (xTransport *XTransport) rebuildTransport() {
}
if xTransport.tlsCipherSuite != nil {
tlsClientConfig.PreferServerCipherSuites = false
tlsClientConfig.CipherSuites = xTransport.tlsCipherSuite
tlsClientConfig.MaxVersion = tls.VersionTLS13
// Go doesn't allow changing the cipher suite with TLS 1.3
// So, check if the requested set of ciphers matches the TLS 1.3 suite.
// If it doesn't, downgrade to TLS 1.2
@ -247,7 +246,8 @@ func (xTransport *XTransport) rebuildTransport() {
}
}
}
if compatibleSuitesCount != len(tls.CipherSuites()) {
if compatibleSuitesCount != len(tls.CipherSuites()) && xTransport.keepCipherSuite == true {
tlsClientConfig.CipherSuites = xTransport.tlsCipherSuite
dlog.Infof("Explicit cipher suite configured - downgrading to TLS 1.2 with cipher suite: %v", xTransport.tlsCipherSuite)
tlsClientConfig.MaxVersion = tls.VersionTLS12
}