* Fix Google Parrots
- Move `HelloChrome_102` to the end of `HelloChrome_` fingerprints for consistency.
- Fixed#123 by adjusting mismatching SupportedVersionsExtension value in `HelloChrome_100`.
* Use same fp for Chrome 100 and 102
According to [TLSFingerprint.io: id e47eae8f8c4887b6](https://tlsfingerprint.io/id/e47eae8f8c4887b6), Chrome 100 may share this fp with 102.
* Add new ClientHellos
Also add faked support for token binding, ALPS, and delegated credentials
* Remove FakeALPSExtension in favor of existing ApplicationSettingsExtension
* Implement certificate compression
Certificate compression is defined in RFC 8879:
https://datatracker.ietf.org/doc/html/rfc8879
This implementation is client-side only, for server certificates.
* Fix missing LOC
* Add more fingerprints
* Implement ALPS extension
* Merge commit fcaacdbbe7
- At this commit, github.com/Noooste/utls remained at the original upstream LICENSE
* added HelloChrome102 and HelloFirefox102
* Randomly include ALPS in HelloRandomized
Co-authored-by: Harry Harpham <harry@getlantern.org>
Co-authored-by: Sleeyax <yourd3veloper@gmail.com>
Co-authored-by: Rod Hynes <rod-hynes@users.noreply.github.com>
Renegotiation:
- Disallow specifying the body of Renegotiation extensions to
avoid assumption that it will be verified.
- Marshal the extension, if it is present in the uconn.Extensions list,
even if Renegotiation is set to Never.
Exports all unexported uTLS extension fields.
Fixes#33
Update fingerprints + add default spec version
* Adds fingerprints for Chrome 75, iOS 12.1, and Firefox 65(=Firefox 63)
* If min/max tls versions are not explicitly specified in the ClientHelloSpec,
uTLS will try to parse versions from SupportedVersions extension,
and fallback to [TLS 1.0, TLS 1.2] if SupportedVersions is absent.
* Adds mimicked FakeRecordSizeLimitExtension and FakeCertCompressionAlgsExtension
to be used instead of GenericExtension{} for clarity and extensibility
(we are ready to use those with Firefox and Chrome fps with correct values
whenever actual functionality is implemented)
* SetTLSVers: parse the right extensions + cosmetics
Currently, SessionCache is not used for non-HelloGolang fingerprints,
and this PR is what the fix would potentially look like.
This is only for the TLS 1.2, support for TLS 1.3 PSK resumption cache remains a TODO.
Fixes#27
- Uses a chacha20-based CSPRNG to generate randomized fingeprints
- Refactors generation of randomized fingerprints, removing many redundant shuffle functions.
- Adds Seed field to ClientHelloID
- ClientHelloID.Version is now a string (was uint16)
Adds support for following TLS 1.3 extensions:
- PSKKeyExchangeModes
- SupportedVersions
- KeyShare
and uses them to implement newest Chrome and Firefox parrots.
Tests for default Golang uTLS were regenerated because
they previously used TLS-1.2 as max version.
I tested all fingerprints and confirmed that Chrome and Firefox are
working as intended.
Android fingerprints were grossly unpopular, which could a result of
incorrect merge, but either way we'll remove them for now.
The root cause of races is that global variables supportedSignatureAlgorithms and
cipherSuites are used both to form handshake and to check whether or not
peer responded with supported algorithm.
In this patch I create separate variables for this purpose.
Updated tests for kicks.
Finally, go fmt.
This function is not needed anymore, since check for whether ciphersuite is
supported is done against per-tls.Config, not against global variable.
One of needed changes for fixing data races, see #5
