Skip to content

Commit 01695ba

Browse files
gallypettegallypette
committed
fix [ja3] grease values were not checked on elliptic curves extensions
1 parent 864fc59 commit 01695ba

File tree

1 file changed

+14
-7
lines changed

1 file changed

+14
-7
lines changed

d4tls/fingerprinter.go

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -10,14 +10,17 @@ import (
1010
"github.com/glaslos/tlsh"
1111
)
1212

13+
// see https://tools.ietf.org/html/draft-ietf-tls-grease-02
14+
// grease values for cipher suites, ALPN and identifiers,
15+
// extensions, named groups, signatur algorithms, and versions.
1316
var grease = map[uint16]bool{
1417
0x0a0a: true, 0x1a1a: true, 0x2a2a: true, 0x3a3a: true,
1518
0x4a4a: true, 0x5a5a: true, 0x6a6a: true, 0x7a7a: true,
1619
0x8a8a: true, 0x9a9a: true, 0xaaaa: true, 0xbaba: true,
1720
0xcaca: true, 0xdada: true, 0xeaea: true, 0xfafa: true,
1821
}
1922

20-
// D4Fingerprinting computes fingerprints doh
23+
// D4Fingerprinting computes fingerprints
2124
func (t *TLSSession) D4Fingerprinting(fd string) bool {
2225
switch fd {
2326
case "ja3":
@@ -117,9 +120,11 @@ func (t *TLSSession) ja3() bool {
117120
// If there are Supported Curves
118121
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) > 0 {
119122
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves {
120-
buf = strconv.AppendInt(buf, int64(cs), 10)
121-
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) {
122-
buf = append(buf, byte(45))
123+
if grease[uint16(cs)] == false {
124+
buf = strconv.AppendInt(buf, int64(cs), 10)
125+
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedCurves) {
126+
buf = append(buf, byte(45))
127+
}
123128
}
124129
}
125130
}
@@ -128,9 +133,11 @@ func (t *TLSSession) ja3() bool {
128133
// If there are Supported Points
129134
if len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) > 0 {
130135
for i, cs := range t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints {
131-
buf = strconv.AppendInt(buf, int64(cs), 10)
132-
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) {
133-
buf = append(buf, byte(45))
136+
if grease[uint16(cs)] == false {
137+
buf = strconv.AppendInt(buf, int64(cs), 10)
138+
if (i + 1) < len(t.handShakeRecord.ETLSHandshakeClientHello.SupportedPoints) {
139+
buf = append(buf, byte(45))
140+
}
134141
}
135142
}
136143
}

0 commit comments

Comments
 (0)