
uTLS Round-Tripper for Snowflake Client

shelikhoo requested to merge shelikhoo/snowflake:dev-utls into main

This merge request brings uTLS support to Snowflake. The design of this part of the code is influenced by both @dcf's and @max-b's designs and reuses a significant part of their existing code.

This merge request adds two options to the snowflake client:
- -utls-imitate: left empty to disable uTLS, input name of ClientHelloID to avoid
- -utls-nosni: remove SNI from TLS Client Hello when using uTLS

Highlight: Preflight connections that detect the negotiated ALPN are reused for data transfer whenever possible. Any unexpected negotiated ALPN will be automatically adapted to. This reduces the number of anomalies observable to adversaries. As a side effect, in the corner case that a server changes its TLS configuration while the client is running, the round-tripper will no longer be stuck in a malfunctioning state. A remove-SNI setting is added to disable the SNI extension on uTLS connections. Some CDNs like CDN77 and Azure allow domain fronting without SNI: Discussion, Geph Sourcecode.

Things to look at: Currently, uTLS is not enabled by default. We will have a discussion on which fingerprint to use by default, or whether to use dcf1's weighted random method to combine several of them.

(Closes #40054)

Edited by shelikhoo
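The preflight-and-adapt round-tripper described above, written out as an added example. This is not Snowflake's code and not the code in this merge request: crypto/tls stands in for uTLS (so no ClientHello imitation happens), and the names Transport, Addr, NoSNI, Roots are this example's own. The point it shows is why the round-tripper, not net/http, has to pick between HTTP/1.1 and HTTP/2: net/http only inspects the negotiated ALPN when the dialed connection is a *tls.Conn, which a uTLS connection is not, so the client must preflight, read the ALPN itself, build the matching transport and hand the already-handshaked connection over rather than discard it. The NoSNI branch also carries the caveat the -utls-nosni option implies: crypto/tls refuses an empty ServerName unless InsecureSkipVerify is set, so removing SNI has to be paired with verifying the chain by hand against the intended host, or certificate verification silently disappears.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"sync"
)

// Transport preflights one TLS connection, builds an inner net/http transport
// for the ALPN the server chose, and hands that connection to it so the first
// request reuses the handshake. crypto/tls stands in for uTLS throughout; the
// field and type names are this example's own, not Snowflake's.
type Transport struct {
	Addr  string          // host:port of the server
	NoSNI bool            // omit the server_name extension, as -utls-nosni would
	Roots *x509.CertPool  // trust anchors; nil means the system roots
	mu    sync.Mutex
	alpn  string          // ALPN the inner transport was built for
	inner *http.Transport // nil until the first preflight
	pre   *tls.Conn       // preflight connection, handed to dial exactly once
}

// dialTLS runs one handshake, offering both ALPN values so the server chooses.
func (t *Transport) dialTLS(ctx context.Context, addr string) (*tls.Conn, error) {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{ServerName: host, RootCAs: t.Roots, NextProtos: []string{"h2", "http/1.1"}}
	if t.NoSNI {
		// crypto/tls allows an empty ServerName only with InsecureSkipVerify, so
		// dropping SNI must not drop verification: check the chain by hand.
		cfg.ServerName, cfg.InsecureSkipVerify = "", true
		cfg.VerifyConnection = func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) == 0 {
				return fmt.Errorf("server sent no certificate")
			}
			opts := x509.VerifyOptions{Roots: t.Roots, DNSName: host, Intermediates: x509.NewCertPool()}
			for _, c := range cs.PeerCertificates[1:] {
				opts.Intermediates.AddCert(c)
			}
			_, err := cs.PeerCertificates[0].Verify(opts)
			return err
		}
	}
	c, err := (&tls.Dialer{Config: cfg}).DialContext(ctx, "tcp", addr)
	if err != nil {
		return nil, err
	}
	return c.(*tls.Conn), nil
}

// dial is the inner transport's DialTLSContext: the preflight connection first,
// then fresh dials, refused if the server's ALPN choice has changed (net/http
// cannot make that check itself for a connection type it does not know).
func (t *Transport) dial(ctx context.Context, _, addr string) (net.Conn, error) {
	t.mu.Lock()
	c, want := t.pre, t.alpn
	t.pre = nil
	t.mu.Unlock()
	if c == nil {
		var err error
		if c, err = t.dialTLS(ctx, addr); err != nil {
			return nil, err
		}
	}
	if got := c.ConnectionState().NegotiatedProtocol; got != want {
		c.Close()
		return nil, fmt.Errorf("negotiated ALPN %q, transport built for %q", got, want)
	}
	return c, nil
}

// RoundTrip preflights on first use, then delegates to the matching transport.
func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
	t.mu.Lock()
	if t.inner == nil {
		c, err := t.dialTLS(req.Context(), t.Addr)
		if err != nil {
			t.mu.Unlock()
			return nil, err
		}
		t.inner = &http.Transport{DialTLSContext: t.dial}
		if t.alpn = c.ConnectionState().NegotiatedProtocol; t.alpn == "h2" {
			t.inner.ForceAttemptHTTP2 = true // enable net/http's bundled HTTP/2 client
		} else {
			t.inner.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{} // never upgrade
		}
		t.pre = c
	}
	inner := t.inner
	t.mu.Unlock()
	return inner.RoundTrip(req)
}
```

Usage: wrap it as `(&http.Client{Transport: &Transport{Addr: "host:443", Roots: pool}}).Get(url)`; the first request rides on the preflight connection and later dials are checked against the ALPN the transport was built for, so a server that switches protocol mid-run produces a clear error on the next dial instead of a silently wedged transport (re-preflighting on that error is the natural next step and is left out here). Two caveats: crypto/tls never sends SNI for an IP-literal target, so NoSNI only makes a visible difference against a hostname; and an empty-but-non-nil Roots pool means "trust nothing", which is the right failure mode for the no-SNI path.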
