fix tls handshake sniffing

2023-12-27 19:24:31 +08:00 · 2023-12-27 19:24:31 +08:00 · e1ae379048
commit e1ae379048
parent 1117723913
3 changed files with 7 additions and 3 deletions
--- a/handler/redirect/tcp/handler.go
+++ b/handler/redirect/tcp/handler.go
@ -109,9 +109,10 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
 			conn.SetReadDeadline(time.Time{})
 		}
 		rw = xio.NewReadWriter(io.MultiReader(bytes.NewReader(hdr[:n]), rw), rw)
 		tlsVersion := binary.BigEndian.Uint16(hdr[1:3])
 		if err == nil &&
 			hdr[0] == dissector.Handshake &&
-			binary.BigEndian.Uint16(hdr[1:3]) == tls.VersionTLS10 {
+			(tlsVersion >= tls.VersionTLS10 && tlsVersion <= tls.VersionTLS13) {
 			return h.handleHTTPS(ctx, rw, conn.RemoteAddr(), dstAddr, log)
 		}
--- a/handler/sni/handler.go
+++ b/handler/sni/handler.go
@ -90,8 +90,10 @@ func (h *sniHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.
 	}
 	rw := xio.NewReadWriter(io.MultiReader(bytes.NewReader(hdr[:]), conn), conn)
 	tlsVersion := binary.BigEndian.Uint16(hdr[1:3])
 	if hdr[0] == dissector.Handshake &&
-		binary.BigEndian.Uint16(hdr[1:3]) == tls.VersionTLS10 {
+		(tlsVersion >= tls.VersionTLS10 && tlsVersion <= tls.VersionTLS13) {
 		return h.handleHTTPS(ctx, rw, conn.RemoteAddr(), log)
 	}
 	return h.handleHTTP(ctx, rw, conn.RemoteAddr(), log)
--- a/internal/util/forward/forward.go
+++ b/internal/util/forward/forward.go
@ -21,9 +21,10 @@ func Sniffing(ctx context.Context, rdw io.ReadWriter) (rw io.ReadWriter, host st
 	var hdr [dissector.RecordHeaderLen]byte
 	n, err := io.ReadFull(rw, hdr[:])
 	rw = xio.NewReadWriter(io.MultiReader(bytes.NewReader(hdr[:n]), rw), rw)
 	tlsVersion := binary.BigEndian.Uint16(hdr[1:3])
 	if err == nil &&
 		hdr[0] == dissector.Handshake &&
-		binary.BigEndian.Uint16(hdr[1:3]) == tls.VersionTLS10 {
+		(tlsVersion >= tls.VersionTLS10 && tlsVersion <= tls.VersionTLS13) {
 		rw, host, err = sniffSNI(ctx, rw)
 		protocol = ProtoTLS
 		return