evan/gost
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix make tls hello failed when reconnect the network

Browse Source
This commit is contained in:
wenyifan 2022-10-17 12:22:31 +08:00
parent ef230d49a0
commit ce15e23ce2
2 changed files with 73 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
build.bat
View File

@ -3,15 +3,15 @@ mkdir bin
cd cmd/gost
set GOARCH=amd64
set GOOS=windows
go build --ldflags="-s -w" -v -x -a -o gost.exe
go build --ldflags="-s -w" -v -x -a -trimpath -o gost.exe
move gost.exe ../../bin
set GOARCH=amd64
set GOOS=linux
go build --ldflags="-s -w" -v -x -a -o gost
go build --ldflags="-s -w" -v -x -a -trimpath -o gost
move gost ../../bin
set GOARCH=arm64
set GOOS=linux
go build --ldflags="-s -w" -v -x -a -o gost_arm64
go build --ldflags="-s -w" -v -x -a -trimpath -o gost_arm64
move gost_arm64 ../../bin

142
ws.go
View File

@ -744,77 +744,6 @@ type websocketConn struct {
rb []byte
}
var wsTlsSpec = &utls.ClientHelloSpec{
CipherSuites: []uint16{
utls.GREASE_PLACEHOLDER,
utls.TLS_AES_128_GCM_SHA256,
utls.TLS_AES_256_GCM_SHA384,
utls.TLS_CHACHA20_POLY1305_SHA256,
utls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
utls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
utls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
utls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
utls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
utls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
utls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
utls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
utls.TLS_RSA_WITH_AES_128_GCM_SHA256,
utls.TLS_RSA_WITH_AES_256_GCM_SHA384,
utls.TLS_RSA_WITH_AES_128_CBC_SHA,
utls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
CompressionMethods: []byte{
0x00, // compressionNone
},
Extensions: []utls.TLSExtension{
&utls.UtlsGREASEExtension{},
&utls.SNIExtension{},
&utls.UtlsExtendedMasterSecretExtension{},
&utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient},
&utls.SupportedCurvesExtension{[]utls.CurveID{
utls.GREASE_PLACEHOLDER,
utls.X25519,
utls.CurveP256,
utls.CurveP384,
}},
&utls.SupportedPointsExtension{SupportedPoints: []byte{
0x00, // pointFormatUncompressed
}},
&utls.SessionTicketExtension{},
&utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
&utls.StatusRequestExtension{},
&utls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []utls.SignatureScheme{
utls.ECDSAWithP256AndSHA256,
utls.PSSWithSHA256,
utls.PKCS1WithSHA256,
utls.ECDSAWithP384AndSHA384,
utls.PSSWithSHA384,
utls.PKCS1WithSHA384,
utls.PSSWithSHA512,
utls.PKCS1WithSHA512,
}},
&utls.SCTExtension{},
&utls.KeyShareExtension{[]utls.KeyShare{
{Group: utls.CurveID(utls.GREASE_PLACEHOLDER), Data: []byte{0}},
{Group: utls.X25519},
}},
&utls.PSKKeyExchangeModesExtension{[]uint8{
utls.PskModeDHE,
}},
&utls.SupportedVersionsExtension{[]uint16{
utls.GREASE_PLACEHOLDER,
utls.VersionTLS13,
utls.VersionTLS12,
}},
&utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
utls.CertCompressionBrotli,
}},
&utls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
&utls.UtlsGREASEExtension{},
&utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
},
}
func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, options *WSOptions) (net.Conn, error) {
if options == nil {
options = &WSOptions{}
@ -836,7 +765,76 @@ func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, optio
},
NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom)
client.ApplyPreset(wsTlsSpec)
client.ApplyPreset(&utls.ClientHelloSpec{
CipherSuites: []uint16{
utls.GREASE_PLACEHOLDER,
utls.TLS_AES_128_GCM_SHA256,
utls.TLS_AES_256_GCM_SHA384,
utls.TLS_CHACHA20_POLY1305_SHA256,
utls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
utls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
utls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
utls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
utls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
utls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
utls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
utls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
utls.TLS_RSA_WITH_AES_128_GCM_SHA256,
utls.TLS_RSA_WITH_AES_256_GCM_SHA384,
utls.TLS_RSA_WITH_AES_128_CBC_SHA,
utls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
CompressionMethods: []byte{
0x00, // compressionNone
},
Extensions: []utls.TLSExtension{
&utls.UtlsGREASEExtension{},
&utls.SNIExtension{},
&utls.UtlsExtendedMasterSecretExtension{},
&utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient},
&utls.SupportedCurvesExtension{[]utls.CurveID{
utls.GREASE_PLACEHOLDER,
utls.X25519,
utls.CurveP256,
utls.CurveP384,
}},
&utls.SupportedPointsExtension{SupportedPoints: []byte{
0x00, // pointFormatUncompressed
}},
&utls.SessionTicketExtension{},
&utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
&utls.StatusRequestExtension{},
&utls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []utls.SignatureScheme{
utls.ECDSAWithP256AndSHA256,
utls.PSSWithSHA256,
utls.PKCS1WithSHA256,
utls.ECDSAWithP384AndSHA384,
utls.PSSWithSHA384,
utls.PKCS1WithSHA384,
utls.PSSWithSHA512,
utls.PKCS1WithSHA512,
}},
&utls.SCTExtension{},
&utls.KeyShareExtension{[]utls.KeyShare{
{Group: utls.CurveID(utls.GREASE_PLACEHOLDER), Data: []byte{0}},
{Group: utls.X25519},
}},
&utls.PSKKeyExchangeModesExtension{[]uint8{
utls.PskModeDHE,
}},
&utls.SupportedVersionsExtension{[]uint16{
utls.GREASE_PLACEHOLDER,
utls.VersionTLS13,
utls.VersionTLS12,
}},
&utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
utls.CertCompressionBrotli,
}},
&utls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
&utls.UtlsGREASEExtension{},
&utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
},
})
err := client.Handshake()
if err != nil {
return nil, err