mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-05 14:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

Update xtransport.go

Browse source 
Fix TLS 1.3 cipher configured
This commit is contained in:
ACE 2025-01-27 00:52:39 +02:00 committed by GitHub
parent 3e0ae41ef6
commit b20b59e9ee
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 12 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

14
dnscrypt-proxy/xtransport.go
View file

@ -229,9 +229,19 @@ func (xTransport *XTransport) rebuildTransport() {
if xTransport.tlsCipherSuite != nil { if xTransport.tlsCipherSuite != nil {
tlsClientConfig.PreferServerCipherSuites = false tlsClientConfig.PreferServerCipherSuites = false
tlsClientConfig.MaxVersion = tls.VersionTLS13 tlsClientConfig.MaxVersion = tls.VersionTLS13
if xTransport.keepCipherSuite == true { var tls13 = "198 199 4865 4866 4867 4868 4869 49332 49333"
var only13 = 0
var SuitesCount = 0
for _, expectedSuiteID := range xTransport.tlsCipherSuite {
check := strconv.Itoa(int(expectedSuiteID))
if strings.Contains(tls13 , check) {
SuitesCount += 1
}
only13 += 1
}
if xTransport.keepCipherSuite == true && only13 != SuitesCount {
tlsClientConfig.CipherSuites = xTransport.tlsCipherSuite tlsClientConfig.CipherSuites = xTransport.tlsCipherSuite
dlog.Infof("Explicit cipher suite %v configured downgrading TLS 1.2", xTransport.tlsCipherSuite) dlog.Info("Explicit cipher suite configured downgrading to TLS 1.2")
tlsClientConfig.MaxVersion = tls.VersionTLS12 tlsClientConfig.MaxVersion = tls.VersionTLS12
MinTry += 1 MinTry += 1
} }