search

refraction-networking / utls

Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
BSD 3-Clause "New" or "Revised" License
1.66k stars 237 forks source link

KeyShare error: "server selected unsupported group" with HelloFirefox_* #127

Closed meskio closed 1 year ago

meskio commented 1 year ago

Using uTLS to access azure servers I get a hanshake error server selected unsupported group with any of the Firefox client hello.

A simple code to reproduce it:

package main

import (
        "log"
        "net"

        utls "github.com/refraction-networking/utls"
)

var (
        defaultClientHello = utls.HelloFirefox_Auto
        host               = "ajax.aspnetcdn.com"
)

func main() {
        rawConn, err := net.Dial("tcp", host+":443")
        if err != nil {
                log.Fatal("Dial error: ", err)
        }
        tlsConn := utls.UClient(rawConn, &utls.Config{
                ServerName: host,
        }, defaultClientHello)
        defer tlsConn.Close()

        if err = tlsConn.Handshake(); err != nil {
                log.Fatal("Handshake error: ", err)
        }
}

This works fine with HelloChrome_*, I assume is related to some of the extensions that the Firefox client hello claims to support. It works fine with yawning's fork, I think because of 50663a1c918572d973339ce6fe174d1375cca76d, but this fork has an incompatible license we can't just import this commit here :disappointed:.

gaukas commented 1 year ago

Thanks @meskio for reporting this. Yeah, that's an issue and we definitely should get it fixed.

We would encourage any community contributors to implement a fix for this. Meanwhile, I am a bit reluctant to read the commit you have attached -- otherwise I may potentially violate the licensing 😓.