refraction-networking / utls

Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
BSD 3-Clause "New" or "Revised" License

PSK resumption and ClientHelloRetry #250

Closed: let4be closed 11 months ago

let4be commented 1 year ago

error: uTLS does not support reprocessing of PSK key triggered by HelloRetryRequest

Getting this error during handshake with https://httpbin.dev/anything

gaukas commented 1 year ago

It is a known issue simply because we didn't try to implement it given the amount of work needed.

I don't believe there's any technical gap between uTLS and PSK by HRR, but it might still require some effort in actually implementing and debugging.

Until someone wants to open a PR to address this, you may either want to do something to prevent the server sending you HRR records (presumably by using a ClientHelloSpec with the server-preferred keyshare or something), or simply disable the PSK (use a fake PSK extension if you are parroting PSK?).
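
For the keyshare workaround mentioned above, it helps to know which group the server asks for. The following is an added example, not code from uTLS or from anyone in this thread: it uses only the Go standard library to recognise a HelloRetryRequest by its fixed random (RFC 8446, section 4.1.3) and read the group named in its key_share extension. `InspectServerHello` and `sampleHRR` are hypothetical names, and the sample message bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// RFC 8446 4.1.3: a HelloRetryRequest is a ServerHello carrying this fixed random.
var hrrRandom = sha256.Sum256([]byte("HelloRetryRequest"))
var errShort = errors.New("truncated or malformed ServerHello")

// InspectServerHello (hypothetical helper) parses one handshake message, header included.
func InspectServerHello(msg []byte) (isHRR bool, group uint16, err error) {
	if len(msg) < 39 || msg[0] != 0x02 { // type + len(3) + version(2) + random(32) + sid len
		return false, 0, errShort
	}
	isHRR = bytes.Equal(msg[6:38], hrrRandom[:])
	p := msg[38:]
	skip := 1 + int(p[0]) + 3 // session id echo, cipher suite, compression method
	if len(p) < skip+2 {
		return isHRR, 0, errShort
	}
	p = p[skip:]
	extLen := int(binary.BigEndian.Uint16(p))
	if p = p[2:]; len(p) < extLen {
		return isHRR, 0, errShort
	}
	for p = p[:extLen]; len(p) >= 4; {
		typ, n := binary.BigEndian.Uint16(p), int(binary.BigEndian.Uint16(p[2:]))
		if len(p) < 4+n {
			return isHRR, 0, errShort
		}
		if typ == 51 && n >= 2 { // key_share: the first two bytes are the NamedGroup
			return isHRR, binary.BigEndian.Uint16(p[4:]), nil
		}
		p = p[4+n:]
	}
	return isHRR, 0, nil
}

// sampleHRR builds a constructed HRR: TLS_AES_128_GCM_SHA256, TLS 1.3, group secp256r1 (0x0017).
func sampleHRR() []byte {
	b := append([]byte{0x02, 0, 0, 0x34, 0x03, 0x03}, hrrRandom[:]...)
	return append(b, 0, 0x13, 0x01, 0, 0, 0x0c, 0, 0x2b, 0, 2, 0x03, 0x04, 0, 0x33, 0, 2, 0, 0x17)
}
func main() { fmt.Println(InspectServerHello(sampleHRR())) }
```

The input is the decoded handshake message, not the TLS record around it, so strip the 5-byte record header from a capture before calling the function.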