compassd / dcompass

A high-performance programmable DNS component aiming at robustness, speed, and flexibility
GNU General Public License v3.0

[BUG] DoH behaves abnormally #74

Closed Janet-Baker closed 2 years ago

Janet-Baker commented 2 years ago

Describe the bug (what happened): DoH behaves abnormally. The error is "peer is incompatible: server does not support TLS v1.2/v1.3", but both the DoH server and my machine support TLS v1.2/v1.3.

Client request:

nslookup www.indlut.cn 10.17.53.86
服务器:  UnKnown
Address:  10.17.53.86

*** UnKnown 找不到 www.indlut.cn: Server failed

Server-side dcompass log:

2021-11-19 17:40:25,098 INFO [dcompass] dcompass ready!
2021-11-19 17:40:25,098 TRACE [mio::poll] registering event source with poller: token=Token(1), interests=READABLE | WRITABLE
2021-11-19 17:40:30,933 INFO [droute::router::table::rule] Domain "86.53.17.10.in-addr.arpa" doesn't match at rule `start`
2021-11-19 17:40:30,933 INFO [droute::router::upstreams::upstream] querying with upstream: dlut6
2021-11-19 17:40:30,933 INFO [droute::router::upstreams::upstream] querying with upstream: qq4
2021-11-19 17:40:30,933 TRACE [mio::poll] registering event source with poller: token=Token(2), interests=READABLE | WRITABLE
2021-11-19 17:40:30,934 DEBUG [reqwest::connect] starting new connection: https://doh-qjflggzs-linux.doh.pub/
2021-11-19 17:40:30,934 TRACE [mio::poll] registering event source with poller: token=Token(3), interests=READABLE | WRITABLE
2021-11-19 17:40:30,950 INFO [droute::cache] response errored, not caching erroneous upstream response.
2021-11-19 17:40:30,950 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-11-19 17:40:30,951 TRACE [mio::poll] deregistering event source from poller
2021-11-19 17:40:30,951 INFO [droute::router::table] domain "86.53.17.10.in-addr.arpa" has finished routing
2021-11-19 17:40:30,951 INFO [dcompass::worker] response completed. Sent back to 10.17.53.50:52319 successfully.
2021-11-19 17:40:30,954 INFO [droute::router::table::rule] domain "www.indlut.cn" matches at rule `start`
2021-11-19 17:40:30,954 INFO [droute::router::upstreams::upstream] querying with upstream: qq4
2021-11-19 17:40:30,954 DEBUG [reqwest::connect] starting new connection: https://doh-qjflggzs-linux.doh.pub/
2021-11-19 17:40:30,954 TRACE [mio::poll] registering event source with poller: token=Token(16777219), interests=READABLE | WRITABLE
2021-11-19 17:40:30,987 DEBUG [rustls::client::hs] No cached session for DNSNameRef("doh-qjflggzs-linux.doh.pub")
2021-11-19 17:40:30,987 DEBUG [rustls::client::hs] Not resuming any session
2021-11-19 17:40:30,987 TRACE [rustls::client::hs] Sending ClientHello Message {
    typ: Handshake,
    version: TLSv1_0,
    payload: Handshake(
        HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: Random(
                        [
                            0,
                            94,
                            255,
                            163,
                            43,
                            0,
                            5,
                            242,
                            220,
                            15,
                            65,
                            155,
                            220,
                            254,
                            168,
                            192,
                            230,
                            217,
                            149,
                            169,
                            56,
                            103,
                            19,
                            199,
                            244,
                            81,
                            135,
                            175,
                            48,
                            214,
                            118,
                            178,
                        ],
                    ),
                    session_id: SessionID(
                        31,
                        133,
                        132,
                        67,
                        65,
                        125,
                        161,
                        169,
                        43,
                        194,
                        168,
                        21,
                        247,
                        240,
                        76,
                        11,
                        64,
                        68,
                        209,
                        136,
                        235,
                        33,
                        208,
                        151,
                        237,
                        80,
                        11,
                        246,
                        144,
                        93,
                        103,
                        209,
                    ),
                    cipher_suites: [
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                            ],
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DNSName(
                                            "doh-qjflggzs-linux.doh.pub",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        ECPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp384r1,
                                secp256r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            OCSP(
                                OCSPCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: PayloadU16(
                                        [],
                                    ),
                                },
                            ),
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: PayloadU16(
                                        [
                                            215,
                                            254,
                                            192,
                                            143,
                                            40,
                                            152,
                                            147,
                                            248,
                                            204,
                                            241,
                                            15,
                                            18,
                                            141,
                                            214,
                                            239,
                                            69,
                                            145,
                                            63,
                                            83,
                                            130,
                                            91,
                                            68,
                                            127,
                                            69,
                                            185,
                                            53,
                                            192,
                                            136,
                                            239,
                                            149,
                                            193,
                                            36,
                                        ],
                                    ),
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        Protocols(
                            [
                                PayloadU8(
                                    [
                                        104,
                                        50,
                                    ],
                                ),
                            ],
                        ),
                        SessionTicketRequest,
                    ],
                },
            ),
        },
    ),
}
2021-11-19 17:40:31,079 TRACE [rustls::client::hs] We got ServerHello ServerHelloPayload {
    legacy_version: TLSv1_2,
    random: Random(
        [
            177,
            166,
            252,
            25,
            97,
            132,
            167,
            239,
            118,
            21,
            122,
            119,
            196,
            228,
            57,
            205,
            13,
            249,
            36,
            195,
            61,
            19,
            199,
            236,
            114,
            154,
            30,
            237,
            64,
            31,
            250,
            179,
        ],
    ),
    session_id: SessionID,
    cipher_suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    compression_method: Null,
    extensions: [
        ServerNameAck,
        RenegotiationInfo(
            PayloadU8(
                [],
            ),
        ),
        ECPointFormats(
            [
                Uncompressed,
                ANSIX962CompressedPrime,
                ANSIX962CompressedChar2,
            ],
        ),
        SessionTicketAck,
        Protocols(
            [
                PayloadU8(
                    [
                        104,
                        50,
                    ],
                ),
            ],
        ),
    ],
}
2021-11-19 17:40:31,079 WARN [rustls::session] Sending fatal alert ProtocolVersion
2021-11-19 17:40:31,079 TRACE [mio::poll] deregistering event source from poller
2021-11-19 17:40:31,079 WARN [droute::router] upstream encountered error: error sending request for url (https://doh-qjflggzs-linux.doh.pub/dns-query): error trying to connect: peer is incompatible: server does not support TLS v1.2/v1.3, returning SERVFAIL
2021-11-19 17:40:31,080 INFO [dcompass::worker] response completed. Sent back to 10.17.53.50:52320 successfully.
2021-11-19 17:40:31,080 INFO [droute::router::table::rule] Domain "www.indlut.cn" doesn't match at rule `start`
2021-11-19 17:40:31,080 INFO [droute::router::upstreams::upstream] querying with upstream: dlut6
2021-11-19 17:40:31,080 INFO [droute::router::upstreams::upstream] querying with upstream: qq4
2021-11-19 17:40:31,081 DEBUG [reqwest::connect] starting new connection: https://doh-qjflggzs-linux.doh.pub/
2021-11-19 17:40:31,081 TRACE [mio::poll] registering event source with poller: token=Token(33554435), interests=READABLE | WRITABLE
2021-11-19 17:40:31,119 DEBUG [rustls::client::hs] No cached session for DNSNameRef("doh-qjflggzs-linux.doh.pub")
2021-11-19 17:40:31,119 DEBUG [rustls::client::hs] Not resuming any session
2021-11-19 17:40:31,119 TRACE [rustls::client::hs] Sending ClientHello Message {
    typ: Handshake,
    version: TLSv1_0,
    payload: Handshake(
        HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: Random(
                        [
                            236,
                            126,
                            194,
                            210,
                            112,
                            193,
                            85,
                            44,
                            46,
                            209,
                            2,
                            204,
                            135,
                            5,
                            91,
                            168,
                            55,
                            244,
                            43,
                            234,
                            19,
                            83,
                            86,
                            252,
                            31,
                            125,
                            247,
                            79,
                            93,
                            65,
                            176,
                            145,
                        ],
                    ),
                    session_id: SessionID(
                        141,
                        221,
                        183,
                        117,
                        76,
                        203,
                        243,
                        83,
                        216,
                        48,
                        140,
                        157,
                        62,
                        137,
                        88,
                        216,
                        25,
                        238,
                        155,
                        17,
                        247,
                        117,
                        224,
                        48,
                        203,
                        63,
                        101,
                        81,
                        245,
                        254,
                        144,
                        33,
                    ),
                    cipher_suites: [
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                            ],
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DNSName(
                                            "doh-qjflggzs-linux.doh.pub",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        ECPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp384r1,
                                secp256r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            OCSP(
                                OCSPCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: PayloadU16(
                                        [],
                                    ),
                                },
                            ),
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: PayloadU16(
                                        [
                                            177,
                                            99,
                                            89,
                                            91,
                                            40,
                                            108,
                                            43,
                                            125,
                                            3,
                                            212,
                                            231,
                                            164,
                                            125,
                                            97,
                                            91,
                                            0,
                                            241,
                                            73,
                                            132,
                                            26,
                                            74,
                                            13,
                                            253,
                                            41,
                                            55,
                                            48,
                                            11,
                                            191,
                                            56,
                                            28,
                                            106,
                                            28,
                                        ],
                                    ),
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        Protocols(
                            [
                                PayloadU8(
                                    [
                                        104,
                                        50,
                                    ],
                                ),
                            ],
                        ),
                        SessionTicketRequest,
                    ],
                },
            ),
        },
    ),
}
2021-11-19 17:40:31,140 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-11-19 17:40:31,140 TRACE [mio::poll] deregistering event source from poller
2021-11-19 17:40:31,141 INFO [droute::router::table] domain "www.indlut.cn" has finished routing
2021-11-19 17:40:31,141 INFO [dcompass::worker] response completed. Sent back to 10.17.53.50:52321 successfully.
2021-11-19 17:40:31,142 INFO [droute::router::table::rule] domain "www.indlut.cn" matches at rule `start`
2021-11-19 17:40:31,142 INFO [droute::router::upstreams::upstream] querying with upstream: qq4
2021-11-19 17:40:31,142 DEBUG [reqwest::connect] starting new connection: https://doh-qjflggzs-linux.doh.pub/
2021-11-19 17:40:31,142 TRACE [mio::poll] registering event source with poller: token=Token(50331651), interests=READABLE | WRITABLE
2021-11-19 17:40:31,179 DEBUG [rustls::client::hs] No cached session for DNSNameRef("doh-qjflggzs-linux.doh.pub")
2021-11-19 17:40:31,179 DEBUG [rustls::client::hs] Not resuming any session
2021-11-19 17:40:31,179 TRACE [rustls::client::hs] Sending ClientHello Message {
    typ: Handshake,
    version: TLSv1_0,
    payload: Handshake(
        HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: Random(
                        [
                            204,
                            117,
                            205,
                            142,
                            47,
                            107,
                            70,
                            206,
                            213,
                            142,
                            191,
                            177,
                            116,
                            130,
                            82,
                            176,
                            159,
                            154,
                            13,
                            49,
                            203,
                            35,
                            240,
                            227,
                            34,
                            248,
                            226,
                            157,
                            223,
                            27,
                            166,
                            147,
                        ],
                    ),
                    session_id: SessionID(
                        243,
                        64,
                        48,
                        167,
                        32,
                        42,
                        229,
                        245,
                        39,
                        49,
                        29,
                        57,
                        167,
                        138,
                        148,
                        235,
                        71,
                        175,
                        83,
                        119,
                        125,
                        128,
                        207,
                        23,
                        249,
                        182,
                        65,
                        62,
                        249,
                        77,
                        53,
                        143,
                    ),
                    cipher_suites: [
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                            ],
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DNSName(
                                            "doh-qjflggzs-linux.doh.pub",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        ECPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp384r1,
                                secp256r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            OCSP(
                                OCSPCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: PayloadU16(
                                        [],
                                    ),
                                },
                            ),
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: PayloadU16(
                                        [
                                            165,
                                            45,
                                            145,
                                            156,
                                            182,
                                            131,
                                            1,
                                            166,
                                            36,
                                            24,
                                            176,
                                            139,
                                            168,
                                            87,
                                            110,
                                            102,
                                            3,
                                            211,
                                            168,
                                            182,
                                            144,
                                            72,
                                            2,
                                            134,
                                            94,
                                            100,
                                            29,
                                            57,
                                            193,
                                            185,
                                            99,
                                            30,
                                        ],
                                    ),
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        Protocols(
                            [
                                PayloadU8(
                                    [
                                        104,
                                        50,
                                    ],
                                ),
                            ],
                        ),
                        SessionTicketRequest,
                    ],
                },
            ),
        },
    ),
}
2021-11-19 17:40:31,269 TRACE [rustls::client::hs] We got ServerHello ServerHelloPayload {
    legacy_version: TLSv1_2,
    random: Random(
        [
            236,
            45,
            73,
            107,
            16,
            97,
            85,
            102,
            25,
            249,
            244,
            75,
            67,
            61,
            17,
            153,
            184,
            161,
            180,
            179,
            177,
            112,
            131,
            45,
            134,
            170,
            191,
            164,
            49,
            144,
            72,
            37,
        ],
    ),
    session_id: SessionID,
    cipher_suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    compression_method: Null,
    extensions: [
        ServerNameAck,
        RenegotiationInfo(
            PayloadU8(
                [],
            ),
        ),
        ECPointFormats(
            [
                Uncompressed,
                ANSIX962CompressedPrime,
                ANSIX962CompressedChar2,
            ],
        ),
        SessionTicketAck,
        Protocols(
            [
                PayloadU8(
                    [
                        104,
                        50,
                    ],
                ),
            ],
        ),
    ],
}
2021-11-19 17:40:31,271 WARN [rustls::session] Sending fatal alert ProtocolVersion
2021-11-19 17:40:31,271 TRACE [mio::poll] deregistering event source from poller
2021-11-19 17:40:31,271 WARN [droute::router] upstream encountered error: error sending request for url (https://doh-qjflggzs-linux.doh.pub/dns-query): error trying to connect: peer is incompatible: server does not support TLS v1.2/v1.3, returning SERVFAIL
2021-11-19 17:40:31,271 INFO [dcompass::worker] response completed. Sent back to 10.17.53.50:52322 successfully.
2021-11-19 17:40:31,272 INFO [droute::router::table::rule] Domain "www.indlut.cn" doesn't match at rule `start`
2021-11-19 17:40:31,272 INFO [droute::router::upstreams::upstream] querying with upstream: dlut6
2021-11-19 17:40:31,272 INFO [droute::cache] cache hit for www.indlut.cn
2021-11-19 17:40:31,272 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-11-19 17:40:31,272 INFO [droute::router::table] domain "www.indlut.cn" has finished routing
2021-11-19 17:40:31,272 INFO [dcompass::worker] response completed. Sent back to 10.17.53.50:52323 successfully.
^C2021-11-19 17:41:25,932 TRACE [mio::poll] deregistering event source from poller
2021-11-19 17:41:25,932 TRACE [mio::poll] deregistering event source from poller
2021-11-19 17:41:25,932 WARN [dcompass] Ctrl-C received, shutting down
2021-11-19 17:41:26,433 WARN [dcompass] gracefully shut down!

To Reproduce

Set the server configuration:

{
    "verbosity": "trace",
    "address": "10.17.53.86:53",
    "table": {
        "start": {
            "if": "qtype([A])",
            "then": [
                "query": {
                    "tag": "qq4",
                    "cache_policy": "persistent"
                },
                "end"
            ],
            "else": [
                "query": {
                    "tag": "ipv6",
                    "cache_policy": "persistent"
                },
                "end"
            ]
        }
    },
    "upstreams": {
        "dlut6": {
            "udp": {
                "timeout": 2,
                "addr": "[2001:da8:a800:3::6]:53"
            }
        },
        "qq4": {
            "https": {
                "timeout": 3,
                "sni": true,
                "addr": "1.12.34.56",
                "uri": "https://doh-qjflggzs-linux.doh.pub/dns-query"
            }
        },
        "ipv6": {
            "hybrid": [
                "dlut6",
                "qq4"
            ]
        }
    }
}

Then run a test and the problem reproduces.

Version & Platform (please complete the following information)

LEXUGE commented 2 years ago

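Could you post the complete log and configuration? I suspect it means exactly what it says: the DoH server does not support the TLS protocol. The code currently enforces TLS v1.2 or above.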

LEXUGE commented 2 years ago

I cannot reproduce it using the configuration you provided last time:

2021-11-19 18:48:41,593 INFO [dcompass] dcompass ready!
2021-11-19 18:48:41,594 TRACE [mio::poll] registering event source with poller: token=Token(1), interests=READABLE | WRITABLE
2021-11-19 18:48:43,610 INFO [droute::router::table::rule] domain "www.google.com" matches at rule `start`
2021-11-19 18:48:43,610 INFO [droute::router::upstreams::upstream] querying with upstream: dlut4
2021-11-19 18:48:43,610 INFO [droute::router::upstreams::upstream] querying with upstream: qq4
2021-11-19 18:48:43,610 TRACE [mio::poll] registering event source with poller: token=Token(2), interests=READABLE | WRITABLE
2021-11-19 18:48:43,611 DEBUG [reqwest::connect] starting new connection: https://doh-qjflggzs-dcompass.doh.pub/
2021-11-19 18:48:43,611 TRACE [mio::poll] registering event source with poller: token=Token(3), interests=READABLE | WRITABLE
2021-11-19 18:48:43,611 DEBUG [rustls::client::hs] No cached session for DNSNameRef("doh-qjflggzs-dcompass.doh.pub")
2021-11-19 18:48:43,611 DEBUG [rustls::client::hs] Not resuming any session
2021-11-19 18:48:43,611 TRACE [rustls::client::hs] Sending ClientHello Message {
    typ: Handshake,
    version: TLSv1_0,
    payload: Handshake(
        HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: Random(
                        [
                            7,
                            77,
                            67,
                            138,
                            203,
                            253,
                            93,
                            136,
                            13,
                            244,
                            53,
                            157,
                            177,
                            3,
                            109,
                            196,
                            221,
                            124,
                            54,
                            14,
                            186,
                            94,
                            161,
                            176,
                            129,
                            112,
                            188,
                            153,
                            63,
                            137,
                            94,
                            246,
                        ],
                    ),
                    session_id: SessionID(
                        142,
                        18,
                        139,
                        99,
                        145,
                        30,
                        61,
                        169,
                        174,
                        145,
                        191,
                        54,
                        114,
                        45,
                        91,
                        136,
                        9,
                        196,
                        66,
                        120,
                        4,
                        209,
                        212,
                        82,
                        138,
                        105,
                        136,
                        126,
                        235,
                        149,
                        151,
                        177,
                    ),
                    cipher_suites: [
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        SupportedVersions(
                            [
                                TLSv1_3,
                            ],
                        ),
                        ECPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp384r1,
                                secp256r1,
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ExtendedMasterSecretRequest,
                        CertificateStatusRequest(
                            OCSP(
                                OCSPCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: PayloadU16(
                                        [],
                                    ),
                                },
                            ),
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: PayloadU16(
                                        [
                                            162,
                                            203,
                                            243,
                                            240,
                                            24,
                                            27,
                                            19,
                                            196,
                                            207,
                                            63,
                                            239,
                                            247,
                                            0,
                                            200,
                                            103,
                                            239,
                                            231,
                                            187,
                                            101,
                                            40,
                                            14,
                                            126,
                                            245,
                                            75,
                                            14,
                                            4,
                                            206,
                                            30,
                                            42,
                                            202,
                                            113,
                                            101,
                                        ],
                                    ),
                                },
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                        Protocols(
                            [
                                PayloadU8(
                                    [
                                        104,
                                        50,
                                    ],
                                ),
                            ],
                        ),
                        SessionTicketRequest,
                    ],
                },
            ),
        },
    ),
}
2021-11-19 18:48:43,657 INFO [droute::router::upstreams::upstream] query successfully completed.
2021-11-19 18:48:43,657 TRACE [mio::poll] deregistering event source from poller
2021-11-19 18:48:43,657 INFO [droute::router::table] domain "www.google.com" has finished routing
2021-11-19 18:48:43,657 INFO [dcompass::worker] response completed. Sent back to 127.0.0.1:54860 successfully.
LEXUGE commented 2 years ago

https://github.com/compassd/dcompass/blob/e2d27e0c39ca61f8a27b8ba4071e793be5f847dc/droute/src/router/upstreams/upstream/qhandle/https.rs#L30 This may be caused by TLS v1.3 being enforced here, which is too aggressive.
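
The version mismatch discussed in this thread, as an added example that is not part of the original comments and is not dcompass or rustls code: a client that lists only TLSv1_3 in SupportedVersions (as in the ClientHello logged above) receives a ServerHello with legacy_version TLSv1_2 and no SupportedVersions extension. All type and function names are hypothetical, and the client that also offers TLS 1.2 is an assumption added for comparison.

```rust
// Added illustration: a simplified model of client-side TLS version
// selection. It is not dcompass or rustls source code.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum TlsVersion {
    Tls12,
    Tls13,
}

#[derive(Debug, PartialEq, Eq)]
enum Outcome {
    Negotiated(TlsVersion),
    ProtocolVersionAlert, // client sends a fatal alert and drops the connection
}

/// The ServerHello fields that decide the protocol version.
struct ServerHello {
    legacy_version: TlsVersion,
    supported_versions: Option<TlsVersion>, // present only when TLS 1.3 was chosen
}

/// Versions a client lists in its ClientHello for a given minimum (hypothetical helper).
fn offered_versions(min: TlsVersion) -> Vec<TlsVersion> {
    [TlsVersion::Tls13, TlsVersion::Tls12]
        .iter()
        .copied()
        .filter(|v| *v >= min)
        .collect()
}

/// Client-side check: the version the server chose must be one the client offered.
fn check_server_hello(offered: &[TlsVersion], hello: &ServerHello) -> Outcome {
    let chosen = hello.supported_versions.unwrap_or(hello.legacy_version);
    if offered.contains(&chosen) {
        Outcome::Negotiated(chosen)
    } else {
        Outcome::ProtocolVersionAlert
    }
}

/// Constructed to mirror the ServerHello in the log above:
/// legacy_version TLSv1_2 and no SupportedVersions extension.
fn logged_server_hello() -> ServerHello {
    ServerHello { legacy_version: TlsVersion::Tls12, supported_versions: None }
}

fn main() {
    for min in [TlsVersion::Tls13, TlsVersion::Tls12] {
        let offered = offered_versions(min);
        println!("min {:?}: offered {:?} -> {:?}", min, offered,
                 check_server_hello(&offered, &logged_server_hello()));
    }
}
```

With a TLS 1.3 minimum the logged ServerHello ends in the protocol_version alert seen in the WARN line; the model leaves out the rest of the handshake (cipher suite, certificate and downgrade checks).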

LEXUGE commented 2 years ago

https://github.com/compassd/dcompass/releases/tag/build-20211119_1907

You can try this release and see whether it fixes the problem.

Janet-Baker commented 2 years ago

Built it, testing on the machine now.

Janet-Baker commented 2 years ago

OK, it works normally now.