SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

[Feature] Support for DNSStamps? #1861

Closed demarcush closed 1 week ago

demarcush commented 2 weeks ago

https://github.com/jedisct1/go-dnsstamps

nekohasekai commented 1 week ago

Maybe the next time the DNS module is rewritten, support for custom TLS options will be added, but there are no plans for that right now, and you don't really need to pin TLS certificates, I think.

demarcush commented 1 week ago

It's not just that; when using stamps you can fool around and make something like this that goes around current SNI inspections for the near future: sdns://AwMAAAAAAAAADVsyNjIwOmZlOjoxMV0ACDkuOS45LjEx -> https://dnscrypt.info/stamps

Here, main conn is over IPv6 but the client checks the provided cert against the IP SAN.
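Added example, not part of the thread and not code from sing-box or go-dnsstamps: a minimal Go decoder for the DNS-over-TLS stamp layout documented at dnscrypt.info/stamps, run on the stamp quoted above to show which address is dialed and which name the certificate is checked against. The names `DoTStamp`, `lp` and `ParseDoTStamp` are hypothetical, and optional trailing bootstrap IPs are ignored.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// DoTStamp holds the fields of a DNS-over-TLS stamp (protocol byte 0x03).
type DoTStamp struct {
	Props    uint64   // bit 0 DNSSEC, bit 1 no logs, bit 2 no filter
	Addr     string   // IP (optionally with port) the client dials
	Hashes   [][]byte // pinned certificate digests; may be empty
	Hostname string   // name the server certificate is verified against
}

// lp reads one length-prefixed field; mask strips the VLP continuation bit.
func lp(b []byte, mask byte) (field, rest []byte, err error) {
	if len(b) == 0 || len(b) < 1+int(b[0]&mask) {
		return nil, nil, errors.New("truncated stamp")
	}
	n := 1 + int(b[0]&mask)
	return b[1:n], b[n:], nil
}

// ParseDoTStamp decodes 0x03 || props || LP(addr) || VLP(hashes) || LP(hostname); use st only if err is nil.
func ParseDoTStamp(s string) (st DoTStamp, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(s, "sdns://"))
	if err != nil || len(raw) < 10 || raw[0] != 0x03 {
		return st, errors.New("not a valid DoT stamp")
	}
	st.Props = binary.LittleEndian.Uint64(raw[1:9])
	field, rest, err := lp(raw[9:], 0xff)
	st.Addr = string(field)
	for more := true; more && err == nil; { // high bit set: another hash follows
		more = len(rest) > 0 && rest[0]&0x80 != 0
		if field, rest, err = lp(rest, 0x7f); len(field) > 0 {
			st.Hashes = append(st.Hashes, field)
		}
	}
	if err == nil {
		field, _, err = lp(rest, 0xff)
		st.Hostname = string(field)
	}
	return st, err
}

func main() { fmt.Println(ParseDoTStamp("sdns://AwMAAAAAAAAADVsyNjIwOmZlOjoxMV0ACDkuOS45LjEx")) }
```

For the stamp in the comment, the decoder returns `Addr` `[2620:fe::11]`, `Hostname` `9.9.9.11`, `Props` 3 (DNSSEC and no-logs) and no pinned certificate hashes.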