commit ca6765e3e3995144df2b1ca9f0e9d823a7f8a47c
Author: Yawning Angel <[email protected]>
Date: Mon Mar 18 01:48:32 2019 +0000
transports/meeklite: Tweak the TLS configuration
---
transports/meeklite/transport.go | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/transports/meeklite/transport.go b/transports/meeklite/transport.go
index 85da3e2..8ea865f 100644
--- a/transports/meeklite/transport.go
+++ b/transports/meeklite/transport.go
@@ -149,7 +149,15 @@ func (rt *roundTripper) dialTLS(network, addr string)
(net.Conn, error) {
log.Warnf("meek_lite - HPKP disabled for host: %v", host)
}
- conn := utls.UClient(rawConn, &utls.Config{ServerName: host,
VerifyPeerCertificate: verifyPeerCertificateFn}, *rt.clientHelloID)
+ conn := utls.UClient(rawConn, &utls.Config{
+ ServerName: host,
+ VerifyPeerCertificate: verifyPeerCertificateFn,
+
+ // `crypto/tls` gradually ramps up the record size. While this
is
+ // a good optimization and is a relatively common server
feature,
+ // neither Firefox nor Chromium appear to use such
optimizations.
+ DynamicRecordSizingDisabled: true,
+ }, *rt.clientHelloID)
if err = conn.Handshake(); err != nil {
conn.Close()
return nil, err
_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
