-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Calling Read before Write ignores the fingerprint #75
Comments
What's wrong with calling Handshake?
This is an unusual use-case with client connecting, and waiting for server
to send data.
…On Thu, Apr 1, 2021, 01:56 Hirbod Behnam ***@***.***> wrote:
Hello
If you call Read before Handshake or Write, the default go ciphers will
be used. This is because the Write method is implemented for UConn and
the handshake in it will call the utls handshake. But the Read method is
implemented by Conn and executing it will cause the Read to call the tls
handshake instead of utls one.
Is this intended? And if so, is there anyway (except Handshake) to
establish the connection with fingerprints by calling Read at first?
Thanks
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#75>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABJQ4S3SYCXN4IWXMNFNXBLTGQRLFANCNFSM42GRZLUQ>
.
|
Hello |
We met the same problem while we tried to integrate utls into golang net/http package. |
I was just bitten by this problem as well, in the same situation: a pair of read/write goroutines started immediately after calling Calling
Here is a running example of the network communication pattern I was using. I do not think it is anything too unusual. You can run, for example, demo.go// Demo for https://github.com/refraction-networking/utls/issues/75 // go run demo.go -- example.com:443 package main import ( "flag" "fmt" "io" "net" "os" "sync" "github.com/refraction-networking/utls" ) func utlsDial(network, addr string, config *tls.Config) (*tls.UConn, error) { conn, err := net.Dial(network, addr) if err != nil { return nil, err } uconn := tls.UClient(conn, config, tls.HelloChrome_83) // err = uconn.Handshake() // if err != nil { // uconn.Close() // return nil, err // } return uconn, nil } func demo(addr string) error { serverName, _, err := net.SplitHostPort(addr) if err != nil { return err } tlsConfig := tls.Config{ServerName: serverName} uconn, err := utlsDial("tcp", addr, &tlsConfig) if err != nil { return err } defer uconn.Close() var wg sync.WaitGroup wg.Add(2) go func() { defer wg.Done() _, err := io.Copy(os.Stdout, uconn) if err != nil { fmt.Fprintf(os.Stderr, "stdout←uconn: %v\n", err) } }() go func() { defer wg.Done() _, err := io.Copy(uconn, os.Stdin) if err != nil { fmt.Fprintf(os.Stderr, "uconn←stdin: %v\n", err) } }() wg.Wait() return nil } func main() { flag.Parse() if flag.NArg() != 1 { fmt.Fprintf(os.Stderr, "%s: need a target host:port\n", os.Args[0]) os.Exit(1) } err := demo(flag.Arg(0)) if err != nil { fmt.Fprintln(os.Stderr, err) os.Exit(1) } } Wireshark dissection of ClientHelloTransport Layer Security TLSv1.3 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 255 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 251 Version: TLS 1.2 (0x0303) Random: RANDOM Session ID Length: 32 Session ID: ID Cipher Suites Length: 38 Cipher Suites (19 suites) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303) Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 140 Extension: server_name (len=15) Type: server_name (0) Length: 15 Server Name Indication extension Server Name list length: 13 Server Name Type: host_name (0) Server Name length: 10 Server Name: dns.google Extension: status_request (len=5) Type: status_request (5) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: supported_groups (len=10) Type: supported_groups (10) Length: 10 Supported Groups List Length: 8 Supported Groups (4 groups) Supported Group: x25519 (0x001d) Supported Group: secp256r1 (0x0017) Supported Group: secp384r1 (0x0018) Supported Group: secp521r1 (0x0019) Extension: ec_point_formats (len=2) Type: ec_point_formats (11) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms (len=24) Type: signature_algorithms (13) Length: 24 Signature Hash Algorithms Length: 22 Signature Hash Algorithms (11 algorithms) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (4) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: rsa_pkcs1_sha1 (0x0201) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: ecdsa_sha1 (0x0203) Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Extension: signed_certificate_timestamp (len=0) Type: signed_certificate_timestamp (18) Length: 0 Extension: supported_versions (len=9) Type: supported_versions (43) Length: 9 Supported Versions length: 8 Supported Version: TLS 1.3 (0x0304) Supported Version: TLS 1.2 (0x0303) Supported Version: TLS 1.1 (0x0302) Supported Version: TLS 1.0 (0x0301) Extension: key_share (len=38) Type: key_share (51) Length: 38 Key Share extension Client Key Share Length: 36 Key Share Entry: Group: x25519, Key Exchange length: 32 Group: x25519 (29) Key Exchange Length: 32 Key Exchange: EXCHANGE Wireshark dissection of ClientHello, when
|
I know this fix is kinda late, but let's hope in the future such thing can be patched in a timely manner. |
#292 is merged, and I think we can close this issue for now. Are we good? |
Hello
If you call
Read
beforeHandshake
orWrite
, the default go ciphers will be used. This is because theWrite
method is implemented forUConn
and the handshake in it will call the utls handshake. But theRead
method is implemented byConn
and executing it will cause theRead
to call the tls handshake instead of utls one.Is this intended? And if so, is there anyway (except Handshake) to establish the connection with fingerprints by calling
Read
at first?Thanks
The text was updated successfully, but these errors were encountered: