mirrors/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-07-28 12:54:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

TLS: Force connection failed if ApplyECH failed

Browse source
This commit is contained in:
Fangliding 2025-07-26 21:15:59 +08:00
parent b6b51c51c8
commit 115825f65c
No known key found for this signature in database
GPG key ID: 67746ECEFA41C2B4
1 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
transport/internet/tls/ech.go
View file

@ -34,6 +34,13 @@ func ApplyECH(c *Config, config *tls.Config) error {
// for client
if len(c.EchConfigList) != 0 {
defer func() {
// if failed to get ECHConfig, use an invalid one to make connection fail
if err != nil {
ECHConfig = []byte{1, 1, 4, 5, 1, 4}
}
config.EncryptedClientHelloConfigList = ECHConfig
}()
// direct base64 config
if strings.Contains(c.EchConfigList, "://") {
// query config from dns
@ -61,8 +68,6 @@ func ApplyECH(c *Config, config *tls.Config) error {
return errors.New("Failed to unmarshal ECHConfigList: ", err)
}
}
config.EncryptedClientHelloConfigList = ECHConfig
}
// for server
@ -239,6 +244,7 @@ func dnsQuery(server string, domain string) ([]byte, uint32, error) {
}
conn.Write(msg)
udpResponse := make([]byte, 512)
conn.SetReadDeadline(time.Now().Add(5 * time.Second))
_, err = conn.Read(udpResponse)
if err != nil {
return []byte{}, 0, err