WIP: Make sending TLS GREASE extensions optional

Add an enable_tls_grease to ClientConfig that will enable or disable the GREASE feature.
rustls · Apr 10, 2020 · 0841b7c · 0841b7c
1 parent e91cae7
commit 0841b7c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs
@@ -235,7 +235,10 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl,
     exts.push(ClientExtension::SignatureAlgorithms(verify::supported_verify_schemes().to_vec()));
     exts.push(ClientExtension::ExtendedMasterSecretRequest);
     exts.push(ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()));
-    exts.push(ClientExtension::Grease(GreaseExt::new()));
+
+    if sess.config.enable_tls_grease {
+        exts.push(ClientExtension::Grease(GreaseExt::new()));
+    }
 
     if sess.config.ct_logs.is_some() {
         exts.push(ClientExtension::SignedCertificateTimestampRequest);

diff --git a/rustls/src/client/mod.rs b/rustls/src/client/mod.rs
@@ -136,6 +136,12 @@ pub struct ClientConfig {
     ///
     /// The default is false.
     pub enable_early_data: bool,
+
+    /// Whether to send TLS GREASE extensions in the TLS handshake
+    /// (RFC 8701).
+    ///
+    /// The default is false.
+    pub enable_tls_grease: bool,
 }
 
 impl Default for ClientConfig {
@@ -163,6 +169,7 @@ impl ClientConfig {
             verifier: Arc::new(verify::WebPKIVerifier::new()),
             key_log: Arc::new(NoKeyLog {}),
             enable_early_data: false,
+            enable_tls_grease: false,
         }
     }