-
Notifications
You must be signed in to change notification settings - Fork 8.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls use crypto std cipher suites #2510
Conversation
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | ||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | ||
// use tls cipher suites from cryto/tls |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这里应该简单地传入nil,让TLS库使用defaultCipherSuites()初始化CipherSuites列表,而不是把tls支持的所有CipherSuites传入。go的tls库默认情况下并不会使用所有的CipherSuites,这样做等于引入了新的特征码。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
默认的 CipherSuites 会不会也成特征?要不要从最流行的 Hello Cipher Suites里面挑/随机选?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Qv2ray-dev 这是不同 TLS 库的差异,如果要以此为特征进行封锁,会误伤大量用 golang 编写的正常应用吧。 |
No description provided.