Comments (7)
Possibly we could add a function in `u_ech.go` named `BoringGREASEECH()` which returns the GREASE ECH generated by BoringSSL? (Instead of hard coding them in each parrot based on BoringSSL)
from utls.
I have reviewed the code of NSS, which is the TLS library that Firefox uses. It also only selects the AEAD between `AEAD_AES_128_GCM` and `AEAD_CHACHA20_POLY1305`, but randomly:

```c
aead = (rawData->data[0] & 1) ? HpkeAeadAes128Gcm : HpkeAeadChaCha20Poly1305;
```

And the GREASE ECH payload does not have a fixed size, as it is generated based on the outer ClientHello.
from utls.
By random sampling, the payload size of the GREASE ECH Extension in Firefox would be 223 (+16)
from utls.
Thanks for doing these. I will take a look. I am pretty sure I saw a shorter ECH payload at some point from my Firefox...
from utls.
Checked again, did not find sizes other than 239. Seems I made a mistake. Now I think this issue has been fully addressed and can be closed.
from utls.
Great observation.

> why utls parrot also candidates `AEAD_AES_256_GCM`.

I did not explicitly refer to BoringSSL in terms of adding ECH to Chrome/Firefox parrots, but rather referred to the RFC, which mentions GREASE ECH should try to randomly select from all supported combinations. So this is indeed an oversight.

> BoringSSL pads payload not only from 128, 160 but 128, 160, 192, 224 according to code below.

Thanks for the observation. I did not go through the code but instead randomly sampled ~10 GREASE ECH extensions generated by Google Chrome, which did not really include this many possible lengths.

Should you open a pull request to address these problems, it would be wonderful.
from utls.
A similar patch, based on either random sampling or a code review of Firefox, might be needed as well.
from utls.
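As an added example (not code from utls, NSS or BoringSSL), the following Go builds a GREASE `ECHClientHello` body the way the two comments above describe it: the AEAD is picked by one random bit between AES-128-GCM and ChaCha20-Poly1305 as NSS does (so AES-256-GCM can never appear), and the payload length is one of the 128/160/192/224 paddings attributed to BoringSSL plus 16 bytes. The wire layout and HPKE ids follow the ECH draft and RFC 9180; the function names, the X25519 `enc` length and the "+16 is the AEAD tag" reading of the thread's figures are my assumptions. The parser alongside it validates the layout, which is what a fingerprint checker needs to confirm what a client really sends.

```go
package main

import (
	"crypto/rand"
	"errors"
)

// HPKE ids (RFC 9180) carried in the ECH cipher_suite field, X25519 enc length, AEAD tag length.
const hpkeKDFHKDFSHA256, hpkeAEADAES128GCM, hpkeAEADChaCha20Poly = 0x0001, 0x0001, 0x0003
const x25519EncLen, aeadTagLen = 32, 16 // assumption: the thread's "+16" is the AEAD tag
// Padded inner-ClientHello lengths the thread attributes to BoringSSL.
var greasePayloadLens = []int{128, 160, 192, 224}
func put16(b []byte, v int) []byte { return append(b, byte(v>>8), byte(v)) }

// GreaseECH returns an outer-type ECHClientHello body filled with random bytes.
func GreaseECH() ([]byte, error) {
	buf := make([]byte, 2+x25519EncLen+224+aeadTagLen) // 2 choice bytes, enc, largest payload
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	// NSS-style choice: one random bit picks ChaCha20-Poly1305 or AES-128-GCM.
	aead := []int{hpkeAEADChaCha20Poly, hpkeAEADAES128GCM}[buf[0]&1]
	payloadLen := greasePayloadLens[int(buf[1])%len(greasePayloadLens)] + aeadTagLen
	body := put16(put16([]byte{0}, hpkeKDFHKDFSHA256), aead) // type=outer, cipher_suite
	body = append(body, buf[0])                              // config_id: a random byte
	body = append(put16(body, x25519EncLen), buf[2:2+x25519EncLen]...) // enc: random bytes
	body = put16(body, payloadLen)
	return append(body, buf[2+x25519EncLen:2+x25519EncLen+payloadLen]...), nil
}

// ParseGreaseECH validates the layout and returns the AEAD id and payload length.
func ParseGreaseECH(b []byte) (aead uint16, payloadLen int, err error) {
	if len(b) < 8 || b[0] != 0 {
		return 0, 0, errors.New("not an outer ECHClientHello")
	}
	kdf := uint16(b[1])<<8 | uint16(b[2])
	aead = uint16(b[3])<<8 | uint16(b[4])
	if kdf != hpkeKDFHKDFSHA256 || (aead != hpkeAEADAES128GCM && aead != hpkeAEADChaCha20Poly) {
		return 0, 0, errors.New("unexpected HPKE cipher suite")
	}
	p := 8 + (int(b[6])<<8 | int(b[7])) // b[5] is config_id; b[6:8] is the enc length
	if len(b) < p+2 {
		return 0, 0, errors.New("truncated enc")
	}
	payloadLen = int(b[p])<<8 | int(b[p+1])
	if len(b) != p+2+payloadLen {
		return 0, 0, errors.New("payload length mismatch")
	}
	return aead, payloadLen, nil
}
```

The total extension body is always 42 bytes plus the payload, so with these paddings the observable sizes are 186, 218, 250 and 282 bytes.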