diff --git a/build.bat b/build.bat
index 8d4b5d2..2ec20b1 100644
--- a/build.bat
+++ b/build.bat
@@ -3,15 +3,15 @@ mkdir bin
 cd cmd/gost
 set GOARCH=amd64
 set GOOS=windows
-go build --ldflags="-s -w" -v -x -a -o gost.exe
+go build --ldflags="-s -w" -v -x -a -trimpath -o gost.exe
 move gost.exe ../../bin
 set GOARCH=amd64
 set GOOS=linux
-go build --ldflags="-s -w" -v -x -a -o gost
+go build --ldflags="-s -w" -v -x -a -trimpath -o gost
 move gost ../../bin
 set GOARCH=arm64
 set GOOS=linux
-go build --ldflags="-s -w" -v -x -a -o gost_arm64
+go build --ldflags="-s -w" -v -x -a -trimpath -o gost_arm64
 move gost_arm64 ../../bin
\ No newline at end of file
diff --git a/ws.go b/ws.go
index 7fe89ae..5701d2d 100644
--- a/ws.go
+++ b/ws.go
@@ -744,77 +744,6 @@ type websocketConn struct {
 rb []byte
 }
-var wsTlsSpec = &utls.ClientHelloSpec{
- CipherSuites: []uint16{
- utls.GREASE_PLACEHOLDER,
- utls.TLS_AES_128_GCM_SHA256,
- utls.TLS_AES_256_GCM_SHA384,
- utls.TLS_CHACHA20_POLY1305_SHA256,
- utls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- utls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- utls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- utls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- utls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- utls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- utls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- utls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- utls.TLS_RSA_WITH_AES_128_GCM_SHA256,
- utls.TLS_RSA_WITH_AES_256_GCM_SHA384,
- utls.TLS_RSA_WITH_AES_128_CBC_SHA,
- utls.TLS_RSA_WITH_AES_256_CBC_SHA,
- },
- CompressionMethods: []byte{
- 0x00, // compressionNone
- },
- Extensions: []utls.TLSExtension{
- &utls.UtlsGREASEExtension{},
- &utls.SNIExtension{},
- &utls.UtlsExtendedMasterSecretExtension{},
- &utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient},
- &utls.SupportedCurvesExtension{[]utls.CurveID{
- utls.GREASE_PLACEHOLDER,
- utls.X25519,
- utls.CurveP256,
- utls.CurveP384,
- }},
- &utls.SupportedPointsExtension{SupportedPoints: []byte{
- 0x00, // pointFormatUncompressed
- }},
- &utls.SessionTicketExtension{},
- &utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
- &utls.StatusRequestExtension{},
- &utls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []utls.SignatureScheme{
- utls.ECDSAWithP256AndSHA256,
- utls.PSSWithSHA256,
- utls.PKCS1WithSHA256,
- utls.ECDSAWithP384AndSHA384,
- utls.PSSWithSHA384,
- utls.PKCS1WithSHA384,
- utls.PSSWithSHA512,
- utls.PKCS1WithSHA512,
- }},
- &utls.SCTExtension{},
- &utls.KeyShareExtension{[]utls.KeyShare{
- {Group: utls.CurveID(utls.GREASE_PLACEHOLDER), Data: []byte{0}},
- {Group: utls.X25519},
- }},
- &utls.PSKKeyExchangeModesExtension{[]uint8{
- utls.PskModeDHE,
- }},
- &utls.SupportedVersionsExtension{[]uint16{
- utls.GREASE_PLACEHOLDER,
- utls.VersionTLS13,
- utls.VersionTLS12,
- }},
- &utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
- utls.CertCompressionBrotli,
- }},
- &utls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
- &utls.UtlsGREASEExtension{},
- &utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
- },
-}
-
 func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, options *WSOptions) (net.Conn, error) {
 if options == nil {
 options = &WSOptions{}
@@ -836,7 +765,76 @@ func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, optio
 },
 NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom)
- client.ApplyPreset(wsTlsSpec)
+ client.ApplyPreset(&utls.ClientHelloSpec{
+ CipherSuites: []uint16{
+ utls.GREASE_PLACEHOLDER,
+ utls.TLS_AES_128_GCM_SHA256,
+ utls.TLS_AES_256_GCM_SHA384,
+ utls.TLS_CHACHA20_POLY1305_SHA256,
+ utls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ utls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ utls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ utls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ utls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ utls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ utls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ utls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ utls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+ utls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+ utls.TLS_RSA_WITH_AES_128_CBC_SHA,
+ utls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ },
+ CompressionMethods: []byte{
+ 0x00, // compressionNone
+ },
+ Extensions: []utls.TLSExtension{
+ &utls.UtlsGREASEExtension{},
+ &utls.SNIExtension{},
+ &utls.UtlsExtendedMasterSecretExtension{},
+ &utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient},
+ &utls.SupportedCurvesExtension{[]utls.CurveID{
+ utls.GREASE_PLACEHOLDER,
+ utls.X25519,
+ utls.CurveP256,
+ utls.CurveP384,
+ }},
+ &utls.SupportedPointsExtension{SupportedPoints: []byte{
+ 0x00, // pointFormatUncompressed
+ }},
+ &utls.SessionTicketExtension{},
+ &utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
+ &utls.StatusRequestExtension{},
+ &utls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []utls.SignatureScheme{
+ utls.ECDSAWithP256AndSHA256,
+ utls.PSSWithSHA256,
+ utls.PKCS1WithSHA256,
+ utls.ECDSAWithP384AndSHA384,
+ utls.PSSWithSHA384,
+ utls.PKCS1WithSHA384,
+ utls.PSSWithSHA512,
+ utls.PKCS1WithSHA512,
+ }},
+ &utls.SCTExtension{},
+ &utls.KeyShareExtension{[]utls.KeyShare{
+ {Group: utls.CurveID(utls.GREASE_PLACEHOLDER), Data: []byte{0}},
+ {Group: utls.X25519},
+ }},
+ &utls.PSKKeyExchangeModesExtension{[]uint8{
+ utls.PskModeDHE,
+ }},
+ &utls.SupportedVersionsExtension{[]uint16{
+ utls.GREASE_PLACEHOLDER,
+ utls.VersionTLS13,
+ utls.VersionTLS12,
+ }},
+ &utls.UtlsCompressCertExtension{[]utls.CertCompressionAlgo{
+ utls.CertCompressionBrotli,
+ }},
+ &utls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
+ &utls.UtlsGREASEExtension{},
+ &utls.UtlsPaddingExtension{GetPaddingLen: utls.BoringPaddingStyle},
+ },
+ })
 err := client.Handshake()
 if err != nil {
 return nil, err
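Review bot: The return value of the new `client.ApplyPreset(&utls.ClientHelloSpec{...})` call is discarded, so a spec that utls rejects would only surface later in `Handshake()`, if at all; build the spec into a local and check it, e.g. `if err := client.ApplyPreset(spec); err != nil { return nil, err }`. Building the spec per dial looks deliberate (as far as I know utls writes SNI, key-share and GREASE values into the extension objects it is handed, which would have made the old package-level `wsTlsSpec` shared mutable state across connections), but nothing in the code says so; a comment such as `// fresh spec per handshake: ApplyPreset mutates the spec it is given` would stop someone hoisting it back out, and a small helper returning a new spec would keep the closure readable. Separately, the `utls.Config` on the context line above copies only `InsecureSkipVerify` and `ServerName` from `tlsConfig`, so any `RootCAs`, client certificates or minimum version the caller set are not carried into this handshake, and `tlsConfig` is dereferenced with no nil check visible here. The closure and `websocketClientConn` both start and end outside this hunk, so an earlier guard may exist.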