Further strip unique signatures of tls handshake #2521
Closed
This commit makes the following changes:

`["h2", "http/1.1"]`

Previously GetTLSConfig had a default value of `["http/1.1"]`, while at the actual call sites the h2 and tcp modes explicitly set it to `["h2"]`. Now, apart from websocket, which has no choice but to use `["http/1.1"]`, everywhere else uses the new default. The h2 connection process now checks whether the ALPN the server returns after negotiation is h2 and cancels the connection if it is not, instead of the earlier lazy approach of setting the client-side ALPN to h2 only. After this change, the tcp mode, the h2 mode, and every other place that establishes a connection over TLS have the same ALPN as other Go programs.

The effect of setting this parameter is that the ClientHello no longer carries the session_ticket extension. The ClientHello of common Go programs does not use it; anyone interested can verify this themselves. The reason not to use it: h2 is now mainstream and multiplexes everything over a single connection, so this way of reducing per-connection latency is no longer of much value, and it has security problems besides. The v2ray code already had this option, but there was no counterpart on the v2ctl side, so in practice it was unusable. It is now added to v2ctl as well, so that it actually takes effect. Personally I think this is less dangerous than the ALPN issue, so whether to set it is left to the user and the default is not changed.

(Resolves #2522)
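The two points in the description, a default ALPN list that matches ordinary Go clients with an after-the-fact check that the server really chose h2, and `SessionTicketsDisabled` to keep the session_ticket extension out of the ClientHello, can be exercised against an in-process Go TLS server. The program below is an added illustration written for this page, not code from the PR or from v2ray: the function names `clientTLSConfig`, `requireH2`, `negotiate` and `selfSignedCert` are invented here, the certificate is a throwaway generated at run time, and the handshake runs over a `net.Pipe` rather than a real socket.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// defaultALPN is the new default described in the PR: h2 first, http/1.1 as fallback.
var defaultALPN = []string{"h2", "http/1.1"}

// clientTLSConfig (hypothetical name) mirrors the described config builder.
// An empty alpn selects the default; disableSessionResumption maps onto
// tls.Config.SessionTicketsDisabled, which omits session_ticket from the ClientHello.
func clientTLSConfig(alpn []string, disableSessionResumption bool) *tls.Config {
	if len(alpn) == 0 {
		alpn = defaultALPN
	}
	return &tls.Config{NextProtos: alpn, SessionTicketsDisabled: disableSessionResumption}
}

// requireH2 is the post-handshake check the PR adds for the h2 transport: offer the
// normal ALPN list, then drop the connection unless the server actually selected h2.
func requireH2(conn *tls.Conn) error {
	if err := conn.Handshake(); err != nil {
		return err
	}
	if got := conn.ConnectionState().NegotiatedProtocol; got != "h2" {
		conn.Close()
		return fmt.Errorf("server negotiated ALPN %q, want h2", got)
	}
	return nil
}

// selfSignedCert builds a throwaway certificate (constructed for this example)
// for the in-process server, plus a pool that trusts it.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"example.invalid"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// negotiate runs one handshake over an in-memory pipe against a server offering
// serverProtos and returns the ALPN the server picked plus requireH2's verdict.
func negotiate(serverProtos []string, clientCfg *tls.Config) (string, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return "", err
	}
	clientCfg.RootCAs, clientCfg.ServerName = pool, "example.invalid"
	srvSide, cliSide := net.Pipe()
	srvSide.SetDeadline(time.Now().Add(5 * time.Second))
	cliSide.SetDeadline(time.Now().Add(5 * time.Second))

	server := tls.Server(srvSide, &tls.Config{
		Certificates:           []tls.Certificate{cert},
		NextProtos:             serverProtos,
		SessionTicketsDisabled: true, // no post-handshake tickets on the synchronous pipe
	})
	go func() {
		defer srvSide.Close()
		if server.Handshake() == nil {
			server.Read(make([]byte, 1)) // wait for the client's close_notify
		}
	}()

	client := tls.Client(cliSide, clientCfg)
	h2Err := requireH2(client)
	negotiated := client.ConnectionState().NegotiatedProtocol
	if h2Err == nil {
		client.Close()
	}
	return negotiated, h2Err
}

func main() {
	for _, protos := range [][]string{{"h2", "http/1.1"}, {"http/1.1"}, nil} {
		np, err := negotiate(protos, clientTLSConfig(nil, true))
		fmt.Printf("server offers %v: negotiated %q, requireH2: %v\n", protos, np, err)
	}
}
```

The three runs in `main` show the behaviour the description argues for: the client always sends the same two-entry ALPN list, and the decision to keep or drop the connection is taken from `ConnectionState().NegotiatedProtocol` after the handshake, so a server that answers with http/1.1, or with no ALPN at all, is rejected without the ClientHello having looked different from any other Go client's.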