Update module github.com/refraction-networking/utls to v1.7.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/refraction-networking/utls	v1.3.2 → v1.7.0

GitHub Vulnerability Alerts

GHSA-pmc3-p9hx-jq96

Description

Before version 1.7.0, utls did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a utls ClientHello spec. This allowed an active network adversary to downgrade TLS 1.3 connections initiated by a utls client to a lower TLS version (e.g., TLS 1.2) by modifying the ClientHello message to exclude the SupportedVersions extension, causing the server to respond with a TLS 1.2 ServerHello (along with a downgrade canary in the ServerHello random field). Because utls did not check the downgrade canary in the ServerHello random field, clients would accept the downgraded connection without detecting the attack. This attack could also be used by an active network attacker to fingerprint utls connections.

Fix Commit or Pull Request

refraction-networking/utls#337, specifically refraction-networking/utls@f889276

References

• https://github.com/refraction-networking/utls/issues/181

---

Release Notes

refraction-networking/utls (github.com/refraction-networking/utls)

v1.7.0

Compare Source

What's Changed

• Fix Config.InsecureSkipTimeVerify not being respected by @​adotkhan in #​303
• Fixes session ticket / PSK not set by @​adotkhan in #​302
• fix: generate ClientHelloSpec only once by @​adotkhan in #​306
• fix: extMasterSecret mismatch with extended_master_secret extension by @​adotkhan in #​307
• Merge changes from go 1.23.4 by @​mingyech in #​323
• build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 by @​dependabot in #​326
• Merge changes from go 1.24.0 by @​mingyech in #​329
• Add Chrome 131 parrot and ML-KEM support by @​BRUHItsABunny in #​322
• feat: add support for ECH when using custom clienthello specs by @​mingyech in #​331
• Fix check for TLS downgrade canary by @​mingyech in #​337
• build(deps): bump golang.org/x/net from 0.33.0 to 0.38.0 by @​dependabot in #​336

New Contributors

• @​mingyech made their first contribution in #​323
• @​BRUHItsABunny made their first contribution in #​322

Full Changelog: refraction-networking/utls@v1.6.7...v1.7.0

v1.6.7: Allow inspecting Client Hello before locking Session/PSK

Compare Source

What's Changed

• Allow BuildHandshakeState to inspect ClientHello before setting SessionTicket/PSK by @​adotkhan in #​301

Full Changelog: refraction-networking/utls@v1.6.6...v1.6.7

v1.6.6: Hotfix: QUIC must not send non-empty session ID by RFC

Compare Source

What's Changed

• quic: always use empty session ID by @​gaukas in #​297

Full Changelog: refraction-networking/utls@v1.6.5...v1.6.6

v1.6.5: Popular Firefox 120 parrot and deps update

Compare Source

What's Changed

• build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0 by @​dependabot in #​293
• Update Firefox 120 parrot to a more popular version by @​adotkhan in #​296

New Contributors

• @​adotkhan made their first contribution in #​296

Full Changelog: refraction-networking/utls@v1.6.4...v1.6.5

v1.6.4: bugfix: UConn incorrectly inherits Conn methods

Compare Source

What's Changed

• build(deps): bump github.com/quic-go/quic-go from 0.40.1 to 0.42.0 by @​dependabot in #​289
• fix: (*UConn).Read() and Secure Renegotiation by @​gaukas in #​292

Full Changelog: refraction-networking/utls@v1.6.3...v1.6.4

v1.6.3: Cryptographically Secured Shuffle

Compare Source

Don't panic! This does not cause any significant security concern, since modern platforms are doing fine with limited randomness from math/rand. This patch is for some much restrictive platforms such as WebAssembly -- on which math/rand may generate deterministic output (e.g., same random number series from each cold start).

What's Changed

• security: crypto/rand ShuffleChromeTLSExtensions by @​gaukas in #​286

Full Changelog: refraction-networking/utls@v1.6.2...v1.6.3

v1.6.2: Dependency and Upstream Update

Compare Source

What's Changed

• deps: bump all deps to latest by @​gaukas in #​279
• ⬆️ sync: merge changes from golang/go@​1.22 release branch by @​gaukas in #​280

Full Changelog: refraction-networking/utls@v1.6.1...v1.6.2

v1.6.1: Hotfix: kyberslash2

Compare Source

Security Warning

This is a security update fixing kyberslash2, a timing side-channel attack against CIRCL library used by uTLS.

What's Changed

• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @​dependabot in #​273
• feat: parse GREASE ECH from raw by @​gaukas in #​276
• build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @​dependabot in #​277

Full Changelog: refraction-networking/utls@v1.6.0...v1.6.1

v1.6.0: One step closer to ECH

Compare Source

What's New

• We now have GREASE ECH parrots (Chrome 120, Firefox 120) available!

What's Changed

• improvement: cleanup by @​VeNoMouS in #​253
• build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 by @​dependabot in #​254
• Deprecate usage of OmitEmptyPsk field in PreSharedKeyExtension (closes #​255) by @​sleeyax in #​256
• sync: go 1.21.4 by @​gaukas in #​261
• fix: no padding if raw clienthello is too short by @​gaukas in #​263
• new: vendor godicttls package by @​gaukas in #​265
• feat: add GREASEEncryptedClientHelloExtension by @​gaukas in #​266
• feat: chrome 120 non-pq client hello by @​hax0r31337 in #​268
• bump: firefox and chrome auto parrot to latest by @​gaukas in #​269
• fix: grease ech parrot for chrome 120 by @​hax0r31337 in #​271
• fix: incorrect firefox nss parrot ECH params by @​gaukas in #​272

New Contributors

• @​sleeyax made their first contribution in #​256
• @​hax0r31337 made their first contribution in #​268

Full Changelog: refraction-networking/utls@v1.5.4...v1.6.0

v1.5.4: Maintenance: bugfix and undo breaking API

Compare Source

What's Changed

• fix link to issues by @​acheong08 in #​244
• fix: sanity check status request v2 extension data (#​246) by @​VeNoMouS in #​247
• feat: add an option to skip resumption on nil ext & update examples by @​3andne in #​239
• fix: Reuse existing PreSharedKeyExtension bug (#​248) by @​VeNoMouS in #​251
• improvement: maintenance+cleanup+fix by @​gaukas in #​252

New Contributors

• @​acheong08 made their first contribution in #​244
• @​VeNoMouS made their first contribution in #​247

Full Changelog: refraction-networking/utls@v1.5.3...v1.5.4

v1.5.3: Hotfix: secondary key share

Compare Source

What's Changed

• fix: secondary keyshares may be lost after overriding keySharesParams by @​gaukas in #​238

Full Changelog: refraction-networking/utls@v1.5.2...v1.5.3

v1.5.2: bugfix

Compare Source

What's Changed

• Fix removing session state by @​own2pwn in #​236
• sync: Go 1.21.0 breaking change by @​gaukas in fc79497

New Contributors

• @​own2pwn made their first contribution in #​236

Full Changelog: refraction-networking/utls@v1.5.0...v1.5.2

v1.5.1

Compare Source

v1.5.0: Post-Quantum and Session Resumption

Compare Source

What's Changed

• uTLS: X25519Kyber768Draft00 hybrid post-quantum key agreement by @​gaukas in #​223
• new: Support TLS-PSK (TLS 1.3) by @​gaukas, @​zeeker999 and @​3andne in #​231

A big shout out to @​3andne for spending time on major refactoring/revision in the Session Resumption for both TLS 1.2 (SessionTicket-based) and TLS 1.3 (PreSharedKey-based)!

New API

type ISessionTicketExtension interface {
	TLSExtension

	// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
	Initializable

	// InitializeByUtls is invoked when IsInitialized() returns false.
	// It initializes the extension using a real and valid TLS 1.2 session.
	InitializeByUtls(session *SessionState, ticket []byte)

	GetSession() *SessionState

	GetTicket() []byte
}

// SetSessionTicket sets the session ticket extension.
// If extension is nil, this will be a no-op.
func (uconn *UConn) SetSessionTicketExtension(sessionTicketExt ISessionTicketExtension)

type PreSharedKeyExtension interface {
	// TLSExtension must be implemented by all PreSharedKeyExtension implementations.
	TLSExtension

	// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
	Initializable

	SetOmitEmptyPsk(val bool)

	// InitializeByUtls is invoked when IsInitialized() returns false.
	// It initializes the extension using a real and valid TLS 1.3 session.
	InitializeByUtls(session *SessionState, earlySecret []byte, binderKey []byte, identities []PskIdentity)

	// GetPreSharedKeyCommon retrieves the final PreSharedKey-related states as defined in PreSharedKeyCommon.
	GetPreSharedKeyCommon() PreSharedKeyCommon

	// PatchBuiltHello is called once the hello message is fully applied and marshaled.
	// Its purpose is to update the binders of PSK (Pre-Shared Key) identities.
	PatchBuiltHello(hello *PubClientHelloMsg) error

	mustEmbedUnimplementedPreSharedKeyExtension() // this works like a type guard
}

// SetPskExtension sets the psk extension for tls 1.3 resumption. This is a no-op if the psk is nil.
func (uconn *UConn) SetPskExtension(pskExt PreSharedKeyExtension) error

Full Changelog: refraction-networking/utls@v1.4.3...v1.5.0

v1.4.3: Buggy versions retracted

Compare Source

Retract v1.4.0, v1.4.1 for a breaking change made by crypto/tls in client handshake. This tag contains no code change from v1.4.2 since v1.4.2 patches the exact bug in the retracted versions.

What's Changed

• retract v1.4.1 panic by @​trungdlp-wolffun in #​220

New Contributors

• @​trungdlp-wolffun made their first contribution in #​220

Full Changelog: refraction-networking/utls@v1.4.2...v1.4.3

v1.4.2: Hotfix: ClientSessionCache

Compare Source

Provide a dirty fix for a bug(?) triggered when Config.ClientSessionCache is nil and session_ticket is received from a server.

v1.4.1: Go above and beyond

Compare Source

Security Fix

• Fixes CVE-2023-29409 in #​208

What's New

• Feature: QUIC Transport from Go 1.21
• Oldest supported Go version: 1.19 1.20
  • Go 1.19 is retiring :( sorry children

What's Changed

• workflow: add more version build/test actions by @​gaukas in #​203
• fix: workflow naming convention by @​gaukas in #​204
• Fix zlib cert decompression by ignoring EOF by @​hwh33 in #​206
• sync: Go 1.21 with QUIC support by @​gaukas in #​208
• ci: update names and badges for CI actions by @​gaukas in #​211
• fix: don't deref nil ptr by @​3andne in #​214
• fix: poorly named qtps by @​gaukas in #​215
• RELEASE: Go 1.21 by @​gaukas in #​216

New Contributors

• @​3andne made their first contribution in #​214

Full Changelog: refraction-networking/utls@v1.3.3...v1.4.1

v1.4.0

Compare Source

v1.3.3: Compatibility and Optimization

Compare Source

What's Changed

• import: use remote cpu package by @​gaukas in #​195
• fix: allow TLS 1.3 as min TLS version by @​gaukas in #​194
• fix: removed redundant assignment by @​gaukas in #​184

Full Changelog: refraction-networking/utls@v1.3.2...v1.3.3

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 6 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.20 -> 1.24.0
golang.org/x/net	v0.10.0 -> v0.38.0
github.com/andybalholm/brotli	v1.0.5 -> v1.0.6
github.com/klauspost/compress	v1.16.5 -> v1.17.4
golang.org/x/crypto	v0.9.0 -> v0.36.0
golang.org/x/sys	v0.8.0 -> v0.31.0
golang.org/x/text	v0.9.0 -> v0.23.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 6 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.20 -> 1.24.0
golang.org/x/net	v0.10.0 -> v0.38.0
github.com/andybalholm/brotli	v1.0.5 -> v1.0.6
github.com/klauspost/compress	v1.16.5 -> v1.17.4
golang.org/x/crypto	v0.9.0 -> v0.36.0
golang.org/x/sys	v0.8.0 -> v0.31.0
golang.org/x/text	v0.9.0 -> v0.23.0