mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-01 19:17:36 +03:00
Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
anticensorshipcipher-suitesclienthellocryptogolanghandshakelow-level-tlsobfuscationparrottlstls-extension
77ea502eee
This makes three related changes that work particularly well together and would require significant extra work to do separately: it replaces X25519Kyber768Draft00 with X25519MLKEM768, it makes CurvePreferences ordering crypto/tls-selected, and applies a preference to PQ key exchange methods over key shares (to mitigate downgrades). TestHandshakeServerUnsupportedKeyShare was removed because we are not rejecting unsupported key shares anymore (nor do we select them, and rejecting them actively is a MAY). It would have been nice to keep the test to check we still continue successfully, but testClientHelloFailure is broken in the face of any server-side behavior which requires writing any other messages back to the client, or reading them. Updates #69985 Fixes #69393 Change-Id: I58de76f5b8742a9bd4543fd7907c48e038507b19 Reviewed-on: https://go-review.googlesource.com/c/go/+/630775 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
||
|---|---|---|
| fipsonly | ||
| internal/fips140tls | ||
| testdata | ||
| alert.go | ||
| auth.go | ||
| auth_test.go | ||
| bogo_config.json | ||
| bogo_shim_test.go | ||
| cache.go | ||
| cache_test.go | ||
| cipher_suites.go | ||
| common.go | ||
| common_string.go | ||
| conn.go | ||
| conn_test.go | ||
| defaults.go | ||
| ech.go | ||
| ech_test.go | ||
| example_test.go | ||
| fips_test.go | ||
| generate_cert.go | ||
| handshake_client.go | ||
| handshake_client_test.go | ||
| handshake_client_tls13.go | ||
| handshake_messages.go | ||
| handshake_messages_test.go | ||
| handshake_server.go | ||
| handshake_server_test.go | ||
| handshake_server_tls13.go | ||
| handshake_test.go | ||
| handshake_unix_test.go | ||
| key_agreement.go | ||
| key_schedule.go | ||
| key_schedule_test.go | ||
| link_test.go | ||
| prf.go | ||
| prf_test.go | ||
| quic.go | ||
| quic_test.go | ||
| ticket.go | ||
| ticket_test.go | ||
| tls.go | ||
| tls_test.go | ||