Closed CoiaPrant233 closed 1 year ago
CoiaPrant233
commented
1 year ago On the other hand, although restls is mostly well designed and completely avoids the problems of shadow TLS v2, it still has a serious problem, which is the connection characteristics. So much for now. If you are interested, you can reply to this message. I will read it when I am free.
3andne
commented
1 year ago Thanks for your feedback.
HandshakeFinished includes a hash of ALL records in the handshake.VersionHint and CurveHint. The user should provide the desired TLS version of the parroted server, e.g., for www.microsoft.com it's TLS13 while for learn.microsoft.com it's TLS12. In the case of TLS12, the session id (signature) is not computed from the key_share. Instead, it's computed from the public key that client will send in ClientKeyExchange. Failed to provide the correct version will result in the fallback behaviour. Once you provide the correct version hint, it's likely to stay unchanged for good. So there isn't a downgrade threat for Restls and that won't hurt the usability/compatibility with TLS v1.2CoiaPrant233
commented
1 year ago I know he will come to HandshakeFinish for HMAC certification, but before that, There is a possibility of a demotion or a renewal, which will not be difficult to resolve. Good luck.
Another thing to mention is that the fragment size of TLS subsequent content is a problem, which needs to choose an appropriate value.
CoiaPrant233
commented
1 year ago As for the connection characteristics, this is not a very simple thing to deal with, including my personal agreement, there is no good way at present.
Normal connections are characterized by long connection (keep-alive), but if a redirect attack is carried out, the client knows it, but it is difficult to maintain a long connection with the server, because the server may close the connection in advance.
Redirection attacks may not be realistic and will probably not be implemented, but there are other details that need to be worked out
Good luck.
3andne
commented
1 year ago I know he will come to HandshakeFinish for HMAC certification, but before that, There is a possibility of a demotion or a renewal, which will not be difficult to resolve. Good luck.
抱歉,这一块还是不太理解,请问能说得更详细一些吗?谢谢!
CoiaPrant233
commented
1 year ago I know he will come to HandshakeFinish for HMAC certification, but before that, There is a possibility of a demotion or a renewal, which will not be difficult to resolve. Good luck.
抱歉,这一块还是不太理解,请问能说得更详细一些吗?谢谢!
比如说,CipherSuite里面会有FAILBACK的,服务器Random是TLS DOWNGRADE的,或者压缩套件不支持的,建议整包保护
ArcCal
commented
1 year ago 大佬您有新欢restls了,就不爱trojan-oxide了吗 @3andne
1.The restls only verifies some of the values, and if the middleman takes out the values and signature information used for the signature and changes other data, it may cause feature disclosure.
2.If either the client or the server throws an Alert, the current packet is dropped and a failback is performed (May)
3.TLS downgrade. The client provides a 1.3 signature and ClientHello, but the server does not support TLS 1.3. It will automatically downgrade to 1.2, but this will cause the signature auth to fail
4.The author of shadowtls said in the document that any data packet was tampered with and an Alert was thrown.
I am sorry that I can only provide so much, I need to reserve some questions to ensure that my own TLS protocol will not be blocked by the firewall.
NOTICE: Please note that I am not a professional in Rust, I am just a junior high school student, if there is a mistake please correct.