kirillius
/
Cloak
mirror of https://github.com/cbeuw/Cloak
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Let the server send a mock encrypted certificate after ChangeCipherSuite to imitate real behaviour more closely

This commit is contained in:
Qian Wang 2019-08-07 00:28:08 +01:00
parent 81f233c226
commit ae4fc917b6
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/client/TLS.go
View File

@ -66,10 +66,13 @@ func PrepareConnection(sta *State, conn net.Conn) (sessionKey []byte, err error)
return return
} }
for i := 0; i < 2; i++ {
// ChangeCipherSpec and EncryptedCert (in the format of application data)
_, err = util.ReadTLS(conn, buf) _, err = util.ReadTLS(conn, buf)
if err != nil { if err != nil {
return return
} }
}
return sessionKey, nil return sessionKey, nil

4
internal/server/TLS.go
View File

@ -212,7 +212,11 @@ func composeReply(ch *ClientHello, sharedSecret []byte, sessionKey []byte) ([]by
} }
shBytes := addRecordLayer(sh, []byte{0x16}, TLS12) shBytes := addRecordLayer(sh, []byte{0x16}, TLS12)
ccsBytes := addRecordLayer([]byte{0x01}, []byte{0x14}, TLS12) ccsBytes := addRecordLayer([]byte{0x01}, []byte{0x14}, TLS12)
cert := make([]byte, 68) // this is always 68 bytes
rand.Read(cert)
encryptedCertBytes := addRecordLayer(cert, []byte{0x17}, TLS12)
ret := append(shBytes, ccsBytes...) ret := append(shBytes, ccsBytes...)
ret = append(ret, encryptedCertBytes...)
return ret, nil return ret, nil
} }