v1.3.2 bug fixes, robustness, and new (beta) ClientHelloSpecs

What's Changed

• fixes #127 by @fqrious in #175
• Implement ClientHelloSpec JSON Unmarshaler by @gaukas in #176
• fix: PSK extension w/o session cache crashing by @gaukas in #177
• fix: connection state locked never called by @blakebyrnes in #178
• fix: don't shuf psk by @gaukas in #180

Note

Added HelloChrome_100_PSK and HelloChrome_112_PSK_Shuf, which includes PreSharedKey automatically instead of Padding as the last TLS extensions.

To use them correctly, you are required to use (*UConn).ApplyPreset():

conn := utls.UClient(plainConn, utlsConfig, utls.HelloCustom)
preset, err := utls.UTLSIdToSpec(utls.HelloChrome_112_PSK_Shuf) // correct
if err != nil {
	return nil, err
}
if pskExt, ok := preset.Extensions[len(preset.Extensions)-1].(*utls.FakePreSharedKeyExtension); ok {
	pskExt.PskIdentities = []utls.PskIdentity{ // must set identity
		{
			Label:               []byte("blahblahblah"), // change this
			ObfuscatedTicketAge: 0, // change this
		},
	}
	// each fake binder is 32 bytes of zeros
	pskExt.PskBinders = [][]byte{ // must set psk binders
		{
			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // change this
		},
	} // byte slices
}
conn.ApplyPreset(&preset) // make sure to apply preset to the connection

Instead of

conn := utls.UClient(plainConn, utlsConfig, utls.HelloChrome_112_PSK_Shuf) // incorrect! PSK extension will use empty payload!

New Contributors

• @fqrious made their first contribution in #175
• @blakebyrnes made their first contribution in #178

Full Changelog: v1.3.1...v1.3.2

v1.3.1 Hotfix: InsecureServerNameToVerify for loadSession

What's Changed

• Add InsecureSkipTimeVerify by @molon in #174

New Contributors

• @molon made their first contribution in #174

Full Changelog: v1.3.0...v1.3.1

v1.3.0 Update: Security, and Compatibility

What's Changed

• build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 by @dependabot in #165
• crypto/tls: reject change_cipher_spec record after handshake in TLS 1.3 by @RPRX in #170
• crypto/tls: set const maxUselessRecords to 32 (the same with OpenSSL) by @RPRX in #171
• Sync with upstream: Go 1.19.6 (no new change in 1.19.7) by @gaukas in #172
• feat: Convert raw bytes or tlsfingerprint record to ClientHelloSpec by @gaukas and @gfw-report in #168

New Contributors

• @dependabot made their first contribution in #165

Important Notice

#170 and #171 patched vulnerabilities allowing a strong attacker to detect and break uTLS (and Go's crypto/tls) connections. Please consider updating your go.mod to use the latest version of uTLS.

Full Changelog: v1.2.2...v1.3.0

v1.2.2 Hotfix: Allow custom weights in generateRandomizedSpec()

What's Changed

• Customable weights used in generateRandomizedSpec() by @RPRX in #163

Full Changelog: v1.2.1...v1.2.2

v1.2.1 Improvements and Fix

What's Changed

• Fix Client Certificate Verification when Using Extended Master Secret by @DunyaKokoschka in #143
• Bugfix: FingerprintClientHello should work when the dump contains the… by @svmk in #121
• Misspelling ? by @githuu5y5u in #154
• Add randomized clientHello generation in UTLSIdToSpec. by @fedosgad in #155
• Support randomized with non-nil seed in UTLSIdToSpec by @RPRX in #157
• add InsecureSkipServerNameVerify to tls.Config by @TNQOYxNU in #158
• Replace InsecureSkipServerNameVerify with InsecureServerNameToVerify by @RPRX in #161
• update go.mod by @gaukas in #153
• Bump HelloChrome_Auto version by @gaukas in #162

New Contributors

• @DunyaKokoschka made their first contribution in #143
• @svmk made their first contribution in #121
• @githuu5y5u made their first contribution in #154
• @RPRX made their first contribution in #157
• @TNQOYxNU made their first contribution in #158

Full Changelog: v1.2.0...v1.2.1

We will not sync with upstream crypto/tls until the next tagged version.

v1.2.0 Refactored and Made Anew

TL;DR

This update includes some major refactorizations and improvements, ALPS (ApplicationSettingsExtension) support, and included a new experimental anti-fingerprinting fingerprint from Chrome/Chromium.

What's Changed

• Sync upstream: go 1.19.2 by @gaukas in #130
• Adding build & test workflow by @gaukas in #131
• Exports utlsIdToSpec() as UTLSIdToSpec() by @gaukas in #136
• Marshal Public ClientHello by @jmwample in #138
• feat: Chrome 106 Shuffled Fingerprint by @gaukas in #133
• feat: Implement ALPS extension by @gaukas in #142

Minimum Go version: 1.16 -> 1.19

New Contributors

• @jmwample made their first contribution in #138

Full Changelog: v1.1.5...v1.2.0

v1.1.5 Sync & New Architecture

Note: this is the last tagged version in which we support old Go versions.

From next release, we will support go 1.19 and above only.

What's Changed

• Sync upstream crypto/tls by @gaukas in #120
• add loong64 support by @cheungxi in #106

New Contributors

• @cheungxi made their first contribution in #106

Full Changelog: v1.1.3...v1.1.5

v1.1.3 ClientHello Diversity

What's Changed

• Add new ClientHellos by @hwh33 in #122
• Fix Google Parrots by @gaukas in #125

Full Changelog: v1.1.2...v1.1.3

v1.1.2

What's Changed

• Document adding custom fake TLS extensions by @fedosgad in #115
• new ClientHellos and Extensions by @rp-psiphon in #116

New Contributors

• @fedosgad made their first contribution in #115
• @rp-psiphon made their first contribution in #116

Full Changelog: v1.1.1...v1.1.2

v1.1.1

What's Changed

• Fix invalid SNI handling by @max-b in #100
• Implement certificate compression by @hwh33 in #95

New Contributors

• @hwh33 made their first contribution in #95

Full Changelog: v1.0.0...v1.1.1