From b20b59e9ee03fae0f60f33f260b9e06d564a33ff Mon Sep 17 00:00:00 2001
From: ACE <42440432+ACEx86@users.noreply.github.com>
Date: Mon, 27 Jan 2025 00:52:39 +0200
Subject: [PATCH] Update xtransport.go Fix TLS 1.3 cipher configured
---
 dnscrypt-proxy/xtransport.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/dnscrypt-proxy/xtransport.go b/dnscrypt-proxy/xtransport.go
index 74a5fa7d..a79cc9a2 100644
--- a/dnscrypt-proxy/xtransport.go
+++ b/dnscrypt-proxy/xtransport.go
@@ -229,9 +229,19 @@ func (xTransport *XTransport) rebuildTransport() {
 if xTransport.tlsCipherSuite != nil {
 tlsClientConfig.PreferServerCipherSuites = false
 tlsClientConfig.MaxVersion = tls.VersionTLS13
- if xTransport.keepCipherSuite == true {
+ var tls13 = "198 199 4865 4866 4867 4868 4869 49332 49333"
+ var only13 = 0
+ var SuitesCount = 0
+ for _, expectedSuiteID := range xTransport.tlsCipherSuite {
+ check := strconv.Itoa(int(expectedSuiteID))
+ if strings.Contains(tls13 , check) {
+ SuitesCount += 1
+ }
+ only13 += 1
+ }
+ if xTransport.keepCipherSuite == true && only13 != SuitesCount {
 tlsClientConfig.CipherSuites = xTransport.tlsCipherSuite
- dlog.Infof("Explicit cipher suite %v configured downgrading TLS 1.2", xTransport.tlsCipherSuite)
+ dlog.Info("Explicit cipher suite configured downgrading to TLS 1.2")
 tlsClientConfig.MaxVersion = tls.VersionTLS12
 MinTry += 1
 }
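Review bot: The TLS 1.3 check in the added loop matches by substring, `strings.Contains(tls13 , check)`, so any suite ID whose decimal digits occur inside the list string counts as TLS 1.3; `5` matches inside `4865` and `19` inside `198`. A configured list holding such an ID is then treated as TLS 1.3-only, the `keepCipherSuite` branch is skipped, and the operator's explicit suite list is silently not applied. Compare the IDs as numbers instead, as in the sketch below, which keeps the patch's ID list and its behaviour for an empty list. Separately, `only13` only ever ends up equal to `len(xTransport.tlsCipherSuite)`, and the new `dlog.Info` line no longer prints which suites triggered the downgrade, which makes a misconfiguration harder to spot in the logs. The body of `rebuildTransport` starts and ends outside this hunk.

```go
// … unchanged: PreferServerCipherSuites and MaxVersion = tls.VersionTLS13 …
onlyTLS13 := true
for _, suiteID := range xTransport.tlsCipherSuite {
	switch suiteID {
	case 198, 199, 4865, 4866, 4867, 4868, 4869, 49332, 49333:
		// ID from the patch's TLS 1.3 list; exact numeric match
	default:
		onlyTLS13 = false
	}
}
if xTransport.keepCipherSuite && !onlyTLS13 {
// … unchanged: CipherSuites assignment, log line, downgrade to tls.VersionTLS12 …
```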