[BUG]TLS1.3下无法正确使用指定的密码套件 #1484

CC-3301 · 2023-01-04T07:16:25Z

配置
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.3",
"cipherSuites": "TLS_CHACHA20_POLY1305_SHA256",
"certificates": [
{
"certificateFile": "path",
"keyFile": "path"
}
]
}
TLS1.3抓包

TLS1.2下则正常
"tlsSettings": {
"rejectUnknownSni": true,
"minVersion": "1.2",
"maxVersion": "1.2",
"cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"certificates": [
{
"certificateFile": "path",
"keyFile": "path"
}
]
}
TLS1.2抓包

cross-hello · 2023-01-04T08:25:49Z

UTLS has changed ciphersuites of client, so it may be can't specify explicity.

CC-3301 · 2023-01-04T09:13:14Z

UTLS has changed ciphersuites of client, so it may be can't specify explicity.

Even if UTLS is not used, TLS1.3 cannot use the specified cipher suite
However, if TLS1.2 is used, the specified cipher suite works properly with or without UTLS

cross-hello · 2023-01-04T09:36:45Z

Can you pose the cipher suites of server?

yuhan6665 · 2023-01-04T15:30:58Z

It is not supported by Go.
golang/go#29349 (comment)

CC-3301 closed this as completed Jan 5, 2023

cross-hello mentioned this issue Jan 8, 2023

v1.7.2 vision流控无法使用ss的2022-blake3-aes-256-gcm中转 #1500

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG]TLS1.3下无法正确使用指定的密码套件 #1484

[BUG]TLS1.3下无法正确使用指定的密码套件 #1484

CC-3301 commented Jan 4, 2023

cross-hello commented Jan 4, 2023

CC-3301 commented Jan 4, 2023

cross-hello commented Jan 4, 2023

yuhan6665 commented Jan 4, 2023

[BUG]TLS1.3下无法正确使用指定的密码套件 #1484

[BUG]TLS1.3下无法正确使用指定的密码套件 #1484

Comments

CC-3301 commented Jan 4, 2023

cross-hello commented Jan 4, 2023

CC-3301 commented Jan 4, 2023

cross-hello commented Jan 4, 2023

yuhan6665 commented Jan 4, 2023