TLS ClientHello identification issue

bol-van / zapret

DPI bypass multi platform

8.58k stars 645 forks source link

TLS ClientHello identification issue #161

Closed levshutov closed 10 months ago

levshutov commented 1 year ago

nfqws can't identify TLS ClientHello packet in case Chrome option "TLS 1.3 hybridized Kyber support" (chrome://flags/#enable-tls13-kyber) is enabled. It is enabled by default for some users as experiment. It increases packet segnificantly.

bol-van commented 1 year ago

nfqws cannot reassemble TCP frames and analyze messages, not packets If multi-packet TLS ClientHello becomes widespread, I'll have to think about it tpws should not have this problem

bol-van commented 1 year ago

see a9a4cd5cb4bc1aa772c5220023291dc859725e4a

AlexeiGHub commented 1 year ago

fake_tls[1432] and tls_clienthello_vk_com_kyber.bin (1.77 KB)