From 9759b693716b0273c2a4d01b3699050ffbb3d297 Mon Sep 17 00:00:00 2001
From: Amir Khan
Date: Tue, 12 Sep 2023 16:52:59 -0400
Subject: [PATCH 1/2] Return empty ClientHelloID on error
---
 psiphon/tlsDialer.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/psiphon/tlsDialer.go b/psiphon/tlsDialer.go
index a6b24b230..e72305d37 100644
--- a/psiphon/tlsDialer.go
+++ b/psiphon/tlsDialer.go
@@ -862,7 +862,7 @@ func getUTLSClientHelloID(
 case protocol.TLS_PROFILE_CHROME_112_PSK:
 preset, err := utls.UTLSIdToSpec(utls.HelloChrome_112_PSK_Shuf)
 if err != nil {
- return utls.HelloCustom, nil, err
+ return utls.ClientHelloID{}, nil, err
 }
 // Generates typical PSK extension values.
@@ -902,7 +902,7 @@ func getUTLSClientHelloID(
 customTLSProfile := p.CustomTLSProfile(tlsProfile)
 if customTLSProfile == nil {
- return utls.HelloCustom,
+ return utls.ClientHelloID{},
 nil, errors.Tracef("unknown TLS profile: %s", tlsProfile)
 }
From e2be6e3639253d0a5a29ba8a70053b70a223b429 Mon Sep 17 00:00:00 2001
From: Amir Khan
Date: Tue, 12 Sep 2023 16:53:26 -0400
Subject: [PATCH 2/2] Fixed TestSelectTLSProfile test
---
 psiphon/common/protocol/customTLSProfiles_test.go | 10 +++++-----
 psiphon/tlsDialer_test.go | 4 +++-
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/psiphon/common/protocol/customTLSProfiles_test.go b/psiphon/common/protocol/customTLSProfiles_test.go
index e2422c628..28628e226 100644
--- a/psiphon/common/protocol/customTLSProfiles_test.go
+++ b/psiphon/common/protocol/customTLSProfiles_test.go
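Review bot: The error from `utls.UTLSIdToSpec` in the `TLS_PROFILE_CHROME_112_PSK` case is still returned bare, while the unknown-profile path in the second hunk goes through `errors.Tracef`; for a consistent trace I would write `return utls.ClientHelloID{}, nil, errors.Trace(err)` there. Both hunks also change what a caller receives on failure, from `utls.HelloCustom` to the zero `utls.ClientHelloID{}`, and that contract deserves a line in the function's doc comment, e.g. `// On error the returned ClientHelloID is the zero value and the spec is nil; callers must check err before using either.` A caller that ignores the error would now pass an empty ID on to uTLS rather than a custom ID with a nil spec, so the call sites, which are not visible here, are worth a quick look. getUTLSClientHelloID begins and ends outside both hunks.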
@@ -74,26 +74,26 @@ func TestCustomTLSProfiles(t *testing.T) {
 &utls.ALPNExtension{AlpnProtocols: []string{"h2", "http/1.1"}},
 &utls.FakeChannelIDExtension{},
 &utls.SupportedPointsExtension{SupportedPoints: []byte{0}},
- &utls.SupportedCurvesExtension{[]utls.CurveID{
+ &utls.SupportedCurvesExtension{Curves: []utls.CurveID{
 utls.X25519, utls.CurveP256, utls.CurveP384}}, &utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle}, // Additional extensions for test coverage
 &utls.NPNExtension{NextProtos: []string{"http/1.1"}}, &utls.GenericExtension{Id: 9999, Data: []byte("generic extension")},
- &utls.KeyShareExtension{[]utls.KeyShare{
+ &utls.KeyShareExtension{KeyShares: []utls.KeyShare{
 {Group: utls.X25519, Data: []byte{9, 9, 9, 9}}, }},
- &utls.PSKKeyExchangeModesExtension{[]uint8{
+ &utls.PSKKeyExchangeModesExtension{Modes: []uint8{
 utls.PskModeDHE, }},
- &utls.SupportedVersionsExtension{[]uint16{
+ &utls.SupportedVersionsExtension{Versions: []uint16{
 utls.VersionTLS13, utls.VersionTLS12, utls.VersionTLS11, utls.VersionTLS10, }},
- &utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
+ &utls.UtlsCompressCertExtension{Algorithms: []utls.CertCompressionAlgo{
 utls.CertCompressionBrotli, }}, &utls.FakeChannelIDExtension{},
diff --git a/psiphon/tlsDialer_test.go b/psiphon/tlsDialer_test.go
index 02e626a77..cf3e17ea3 100644
--- a/psiphon/tlsDialer_test.go
+++ b/psiphon/tlsDialer_test.go
@@ -620,7 +620,9 @@ func TestSelectTLSProfile(t *testing.T) {
 }
 var unexpectedClientHelloID, unexpectedClientHelloSpec bool
- if i < len(protocol.SupportedTLSProfiles) {
+
+ // TLS_PROFILE_CHROME_112_PSK profile is a special case. Check getUTLSClientHelloID for details.
+ if i < len(protocol.SupportedTLSProfiles) && profile != protocol.TLS_PROFILE_CHROME_112_PSK {
 if utlsClientHelloID == utls.HelloCustom {
 unexpectedClientHelloID = true
 }
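Review bot: In the tlsDialer_test.go hunk, adding `profile != protocol.TLS_PROFILE_CHROME_112_PSK` to the condition takes the PSK profile out of the `utls.HelloCustom` check without asserting what that profile should return instead, so within the visible lines the test no longer pins its behaviour. Judging from the first patch, that case presumably returns `utls.HelloCustom` together with a non-nil spec; if so, a dedicated branch asserting exactly that would keep the profile covered. The new comment would also read better if it gave the reason rather than a pointer, e.g. `// TLS_PROFILE_CHROME_112_PSK is built from a generated spec, so getUTLSClientHelloID is expected to return utls.HelloCustom for it.` The rest of the loop body lies outside the hunk, so the profile may already be handled by the branch that follows.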