Secured Renegotiation is not supported #284

bufsnake · 2024-01-31T03:17:57Z

Using the following ClientHelloID will produce tls: CurvePreferences includes unsupported curve error.

tls.HelloChrome_100,
tls.HelloChrome_102,
tls.HelloChrome_106_Shuffle,
tls.HelloChrome_120,
tls.HelloEdge_106,
tls.HelloSafari_16_0,

Using the following ClientHelloID will generate a panic: tls: LoadSessionCoordinator.onEnterLoadSessionCheck failed: session is set and locked, no call to loadSession is allowed error.

tls.HelloFirefox_102,
tls.HelloFirefox_105,
tls.HelloFirefox_120,

panic: tls: LoadSessionCoordinator.onEnterLoadSessionCheck failed: session is set and locked, no call to loadSession is allowed

goroutine 34 [running]:
github.com/refraction-networking/utls.uAssert(...)
	/Users/bufsnake/.go/pkg/mod/github.com/refraction-networking/utls@v1.6.2/u_common.go:780
github.com/refraction-networking/utls.(*sessionController).onEnterLoadSessionCheck(...)
	/Users/bufsnake/.go/pkg/mod/github.com/refraction-networking/utls@v1.6.2/u_session_controller.go:319
github.com/refraction-networking/utls.(*Conn).loadSession(0x14000382000, 0x14000385200)
	/Users/bufsnake/.go/pkg/mod/github.com/refraction-networking/utls@v1.6.2/handshake_client.go:322 +0xf34
github.com/refraction-networking/utls.(*Conn).clientHandshake(0x14000382000, {0x1055a3190?, 0x105989c60})
	/Users/bufsnake/.go/pkg/mod/github.com/refraction-networking/utls@v1.6.2/handshake_client.go:215 +0xc4
github.com/refraction-networking/utls.(*Conn).handleRenegotiation(0x14000382000)
	/Users/bufsnake/.go/pkg/mod/github.com/refraction-networking/utls@v1.6.2/conn.go:1286 +0x170
github.com/refraction-networking/utls.(*Conn).handlePostHandshakeMessage(0x14000382000?)
	/Users/bufsnake/.go/pkg/mod/github.com/refraction-networking/utls@v1.6.2/conn.go:1296 +0x238
github.com/refraction-networking/utls.(*Conn).Read(0x14000382000, {0x140003c2000, 0x1000, 0x104e17b1c?})
	/Users/bufsnake/.go/pkg/mod/github.com/refraction-networking/utls@v1.6.2/conn.go:1384 +0x314
bufio.(*Reader).fill(0x1400007c600)
	/Users/bufsnake/.go/go1.21.6/src/bufio/bufio.go:113 +0xf8
bufio.(*Reader).ReadSlice(0x1400007c600, 0x78?)
	/Users/bufsnake/.go/go1.21.6/src/bufio/bufio.go:379 +0x30
bufio.(*Reader).ReadLine(0x1400007c600)
	/Users/bufsnake/.go/go1.21.6/src/bufio/bufio.go:408 +0x24
net/textproto.(*Reader).readLineSlice(0x1400024bc80)
	/Users/bufsnake/.go/go1.21.6/src/net/textproto/reader.go:56 +0x80
net/textproto.(*Reader).ReadLine(...)
	/Users/bufsnake/.go/go1.21.6/src/net/textproto/reader.go:39
net/http.ReadResponse(0x1400007c600, 0x140000b6000)
	/Users/bufsnake/.go/go1.21.6/src/net/http/response.go:161 +0x78

bufsnake · 2024-01-31T03:21:08Z

test link is https://01-tx.audience.gcc.teams.microsoft.com:11024/.

gaukas · 2024-01-31T03:35:19Z

Can you provide a minimal reproducible example along with optional pcap?

gaukas · 2024-01-31T03:42:32Z

Apparently these two errors have something to do with how you set things up.

By simply doing the following

	conn, err := net.Dial("tcp", "01-tx.audience.gcc.teams.microsoft.com:11024")
	if err != nil {
		panic(err)
	}

	tlsConn := tls.UClient(conn, &tls.Config{ServerName: "01-tx.audience.gcc.teams.microsoft.com"}, tls.HelloChrome_120)
	if err := tlsConn.Handshake(); err != nil {
		panic(err)
	}

Handshake could complete without any problem for HelloChrome_120 and HelloFirefox_120, and I am too lazy to test the rest of them.

bufsnake · 2024-01-31T03:51:55Z

Below is my test code.

package main

import (
	"bufio"
	"fmt"
	tls "github.com/refraction-networking/utls"
	"golang.org/x/net/http2"
	"io"
	"log"
	"math/rand"
	"net"
	"net/http"
	"strings"
	"time"
)

func main() {
	cli := http.Client{
		Transport: NewUTransport(30),
	}
	req, err := http.NewRequest(http.MethodGet, "https://01-tx.audience.gcc.teams.microsoft.com:11024/", nil)
	//req, err = http.NewRequest(http.MethodGet, "https://google.com", nil)
	if err != nil {
		log.Fatalln(err)
	}
	resp, err := cli.Do(req)
	if err != nil {
		log.Fatalln(err)
	}
	defer resp.Body.Close()
	all, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatalln(err)
	}
	fmt.Println("BodyLength", len(all))
	fmt.Println("StatusCode", resp.StatusCode)
	
}

// ref: https://sxyz.blog/bypass-cloudflare-shield/
type UTransport struct {
	timeout int
	tr      *http2.Transport
}

func NewUTransport(timeout int) *UTransport {
	return &UTransport{
		timeout: timeout,
		tr:      &http2.Transport{},
	}
}

func (u *UTransport) newSpec() (*tls.ClientHelloSpec, error) {
	ids := []tls.ClientHelloID{
		//tls.HelloFirefox_102,
		//tls.HelloFirefox_105,
		//tls.HelloFirefox_120,
		tls.HelloChrome_100,
		tls.HelloChrome_102,
		tls.HelloChrome_106_Shuffle,
		tls.HelloChrome_120,
		tls.HelloEdge_106,
		tls.HelloSafari_16_0,
	}
	spec, err := tls.UTLSIdToSpec(ids[rand.Intn(len(ids))])
	return &spec, err
}

func (u *UTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	if strings.ToLower(req.URL.Scheme) != "https" {
		return nil, fmt.Errorf("unsupported scheme: %s", req.URL.Scheme)
	}
	res_ := &http.Response{}
	err_ := make(chan error)
	fin_ := make(chan interface{})
	go func(r *http.Request) {
		var err error
		res_, err = u.connect(r)
		if err != nil {
			err_ <- err
			return
		}
		fin_ <- nil
	}(req)
	select {
	case <-time.After(time.Duration(u.timeout) * time.Second):
		return nil, fmt.Errorf("%s timeout", req.URL)
	case err := <-err_:
		return nil, err
	case <-fin_:
		return res_, nil
	}
}

func (u *UTransport) connect(req *http.Request) (*http.Response, error) {
	port := req.URL.Port()
	if port == "" {
		port = "443"
	}
	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%s", strings.Split(req.URL.Host, ":")[0], port), time.Duration(u.timeout)*time.Second)
	if err != nil {
		return nil, fmt.Errorf("net.DialTimeout error: %+v", err)
	}
	uConn := tls.UClient(conn, &tls.Config{
		ServerName: "01-tx.audience.gcc.teams.microsoft.com",
	}, tls.HelloCustom)
	spec, err := u.newSpec()
	if err != nil {
		return nil, err
	}
	if err = uConn.ApplyPreset(spec); err != nil {
		return nil, fmt.Errorf("uConn.ApplyPreset() error: %+v", err)
	}
	if err = uConn.Handshake(); err != nil {
		return nil, fmt.Errorf("uConn.Handshake() error: %+v", err)
	}
	alpn := uConn.ConnectionState().NegotiatedProtocol
	switch alpn {
	case "h2":
		req.Proto = "HTTP/2.0"
		req.ProtoMajor = 2
		req.ProtoMinor = 0
		if c, err := u.tr.NewClientConn(uConn); err == nil {
			return c.RoundTrip(req)
		} else {
			return nil, fmt.Errorf("http2.Transport.NewClientConn() error: %+v", err)
		}
	case "http/1.1", "":
		req.Proto = "HTTP/1.1"
		req.ProtoMajor = 1
		req.ProtoMinor = 1
		if err = req.Write(uConn); err == nil {
			return http.ReadResponse(bufio.NewReader(uConn), req)
		} else {
			return nil, fmt.Errorf("http.Request.Write() error: %+v", err)
		}
	default:
		return nil, fmt.Errorf("unsupported ALPN: %v", alpn)
	}
}

gaukas · 2024-01-31T04:36:51Z

Can you provide a minimal reproducible example

Please try to reduce the unnecessary/irrelevant code next time.

From your code I think the critical part is

func newSpec() (*tls.ClientHelloSpec, error) {
	ids := []tls.ClientHelloID{
		//tls.HelloFirefox_102,
		//tls.HelloFirefox_105,
		//tls.HelloFirefox_120,
		tls.HelloChrome_100,
		tls.HelloChrome_102,
		tls.HelloChrome_106_Shuffle,
		tls.HelloChrome_120,
		tls.HelloEdge_106,
		tls.HelloSafari_16_0,
	}
	spec, err := tls.UTLSIdToSpec(ids[rand.Intn(len(ids))])
	return &spec, err
}

func main() {
	conn, err := net.DialTimeout("tcp", "01-tx.audience.gcc.teams.microsoft.com:11024", 10*time.Second)
	if err != nil {
		panic(err)
	}
	uConn := tls.UClient(conn, &tls.Config{
		ServerName: "01-tx.audience.gcc.teams.microsoft.com",
	}, tls.HelloCustom)
	spec, err := newSpec()
	if err != nil {
		panic(err)
	}
	if err = uConn.ApplyPreset(spec); err != nil {
		panic(err)
	}
	if err = uConn.Handshake(); err != nil {
		panic(err)
	}
}

However the code above does not give me any error so far.

Further investigation with pcap (that's why you REALLY should provide one) shows the problem is actually due to the server sending a Hello Request AFTER a TLS Handshake is done. Major web browsers at this moment will renegotiate over the same TCP connection by sending another ClientHello and this is not supported by uTLS at the moment. I'm not sure if this is supported by our upstream crypto/tls either.

gaukas · 2024-01-31T04:39:23Z

As of why the error message differs, I have no idea. Perhaps due to different states of an internal variable due to different set of TLS Extensions are being advertised/selected. But anyways, the server essentially sent the same message, a encrypted Hello Request with 0x00, 0x00, 0x00, 0x00 as its plaintext payload.

gaukas · 2024-01-31T04:40:30Z

~~For now unless our upstream supports it, this feature will not be implemented by our team. But if you want a PR is always welcomed. I will leave this issue open.~~

This is a confirmed bug.

gaukas · 2024-04-10T05:54:48Z

An update to this: the example code no longer work due to now the server requires the client to be advertising HTTP/1.1 instead of HTTP/2.

And I have been looking into this problem. It seems uTLS does not really support renegotiation and caused this problem. I am currently working on it.

gaukas · 2024-04-10T06:06:35Z

#291 is related.

gaukas · 2024-04-10T07:18:20Z

Note: you will still need to manually advertise HTTP/1.1 after #292 fixes the underlying bug.

gaukas added the cannot reproduce Minimal reproducible example is needed until this can move forward label Jan 31, 2024

gaukas changed the title ~~tls: CurvePreferences includes unsupported curve~~ Encrypted Hello Request and renegotiation with cert request not supported Jan 31, 2024

gaukas added enhancement Feature with low severity but good value help wanted Calling for community PR/volunteer and removed cannot reproduce Minimal reproducible example is needed until this can move forward labels Jan 31, 2024

gaukas changed the title ~~Encrypted Hello Request and renegotiation with cert request not supported~~ Encrypted Hello Request after successful handshake followed by Cert Request is not supported Jan 31, 2024

gaukas added the bug Unexpected behavior confirmed and should be fixed label Apr 10, 2024

gaukas added PR ready A Pull-Request has been opened for this issue. and removed help wanted Calling for community PR/volunteer labels Apr 10, 2024

gaukas changed the title ~~Encrypted Hello Request after successful handshake followed by Cert Request is not supported~~ Secured Renegotiation is not supported Apr 10, 2024

gaukas mentioned this issue Apr 10, 2024

fix: (*UConn).Read() and Secure Renegotiation #292

Merged

gaukas mentioned this issue Apr 10, 2024

Calling Read before Write ignores the fingerprint #75

Closed

gaukas closed this as completed in #292 Apr 10, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Secured Renegotiation is not supported #284

Secured Renegotiation is not supported #284

bufsnake commented Jan 31, 2024 •

edited

Loading

bufsnake commented Jan 31, 2024

gaukas commented Jan 31, 2024

gaukas commented Jan 31, 2024

bufsnake commented Jan 31, 2024

gaukas commented Jan 31, 2024

gaukas commented Jan 31, 2024

gaukas commented Jan 31, 2024 •

edited

Loading

gaukas commented Apr 10, 2024

gaukas commented Apr 10, 2024

gaukas commented Apr 10, 2024

Secured Renegotiation is not supported #284

Secured Renegotiation is not supported #284

Comments

bufsnake commented Jan 31, 2024 • edited Loading

bufsnake commented Jan 31, 2024

gaukas commented Jan 31, 2024

gaukas commented Jan 31, 2024

bufsnake commented Jan 31, 2024

gaukas commented Jan 31, 2024

gaukas commented Jan 31, 2024

gaukas commented Jan 31, 2024 • edited Loading

gaukas commented Apr 10, 2024

gaukas commented Apr 10, 2024

gaukas commented Apr 10, 2024

bufsnake commented Jan 31, 2024 •

edited

Loading

gaukas commented Jan 31, 2024 •

edited

Loading