Alex313031 / Thorium-Win

Chromium fork for Windows named after radioactive element No. 90; Windows builds of https://github.com/Alex313031/Thorium
https://thorium.rocks/
BSD 3-Clause "New" or "Revised" License
1.28k stars 33 forks

Encrypted ClientHello - Missing? #199

Open adrianmmiller opened 2 months ago

adrianmmiller commented 2 months ago

System Details

Problem

Cannot pass Secure SNI on Cloudflare test using Thorium when using dnscrypt-proxy, works fine with Firefox, Chrome and Chromium

Check for Encrypted ClientHello flags which exist in Chrome/Chromium - but none exist in Thorium

narinishi commented 2 months ago

Issue also affects Thorium for legacy Windows versions https://github.com/Alex313031/thorium-legacy/issues/72

gz83 commented 2 months ago

This issue seems to be related to the new algorithm recently deployed by Google, please try going to chrome://flags and turn enable-tls13-kyber off

adrianmmiller commented 2 months ago

> This issue seems to be related to the new algorithm recently deployed by Google, please try going to chrome://flags and turn enable-tls13-kyber off

Afraid it's a still no goer.....

gz83 commented 2 months ago

Have you updated to version M123? In addition, related problems may not be improved until the M124 version.

At the same time, this issue may also be related to some patches we use, and I need Alex to verify this issue.

@Alex313031

adrianmmiller commented 2 months ago

> Have you updated to version M123? In addition, related problems may not be improved until the M124 version.
>
> At the same time, this issue may also be related to some patches we use, and I need Alex to verify this issue.
>
> @Alex313031

Just tried latest (M123), no change sorry, and understood, thanks for the follow up

Alex313031 commented 2 months ago

@gz83 @narinishi @adrianmmiller @eltociear I think this is related to the two DNS patches we use. One is from Ungoogled, the other is from Bromite.

They are always enabled and cannot be disabled except at the source code level. I don't want to remove them, because for the majority of cases, it works fine and hardens security. But what I will do (especially since you guys are not the first to report DNS problems in Thorium), is put them behind a chrome://flags flag. Something like "Disable Thorium DNS Config". This way it can be disabled via GUI.

adrianmmiller commented 2 months ago

> @gz83 @narinishi @adrianmmiller @eltociear I think this is related to the two DNS patches we use. One is from Ungoogled, the other is from Bromite.
>
> They are always enabled and cannot be disabled except at the source code level. I don't want to remove them, because for the majority of cases, it works fine and hardens security. But what I will do (especially since you guys are not the first to report DNS problems in Thorium), is put them behind a chrome://flags flag. Something like "Disable Thorium DNS Config". This way it can be disabled via GUI.

Can't ask for a better response than that, cheers

Alex313031 commented 2 months ago

@gz83 @narinishi @adrianmmiller @eltociear Here we go > https://github.com/Alex313031/thorium/commit/840ec41e774442da669a5a863b5a1bec31523951

Also, @narinishi I added this to the thorium-legacy repo as well, so it will be present in the next builds.