From f69f6605de49c13f44006355d31ad9abaac3e060 Mon Sep 17 00:00:00 2001 From: 0x676e67 Date: Sun, 5 Jan 2025 12:29:22 +0800 Subject: [PATCH] feat(mimic): Add Tor browser `Firefox 128` mimic (#267) --- CHANGELOG.md | 16 ++++++++ README.md | 10 ++--- examples/impersonate.rs | 4 +- src/lib.rs | 8 ++-- src/mimic/chrome.rs | 46 +++++++++++----------- src/mimic/firefox.rs | 87 ++++++++++++++++++++++++++++++++++------- src/mimic/mod.rs | 8 +++- src/mimic/okhttp.rs | 6 +-- src/mimic/safari.rs | 66 +++++++++++++++---------------- src/tls/mod.rs | 9 +++++ 10 files changed, 175 insertions(+), 85 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bed145b3..cc677441 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,9 +4,25 @@ All notable changes to this project will be documented in this file. ## [unreleased] +### 🚀 Features + +- *(mimic)* Optional mimic http2 (#262) +- *(mimic)* Add Tor browser `Firefox 128` mimic (#265) + +### ⚙️ Miscellaneous Tasks + +- Simplify http2 configuration + +### Deps + +- *(pool)* Replace `futures_channel::mpsc` with `tokio::sync::mpsc` in Hyper (#264) + +## [1.3.2] - 2025-01-04 + ### ⚙️ Miscellaneous Tasks - Rename and update access scope +- Fix typo ## [1.3.0] - 2025-01-04 diff --git a/README.md b/README.md index 79da91a1..a6404e8d 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ An ergonomic, all-in-one `TLS`, `JA3`/`JA4`, and `HTTP2` fingerprint `HTTP` Clie - Cookie Store - HTTP Proxies - WebSocket Upgrade -- HTTPS via [BoringSSL](https://github.com/cloudflare/boring) +- HTTPS via BoringSSL - Preconfigured TLS and HTTP2 settings - Perfectly mimic Chrome, Safari, and Firefox @@ -42,9 +42,9 @@ use rquest::Impersonate; #[tokio::main] async fn main() -> Result<(), rquest::Error> { - // Build a client to mimic Chrome131 + // Build a client to mimic Firefox133 let client = rquest::Client::builder() - .impersonate(Impersonate::Chrome131) + .impersonate(Impersonate::Firefox133) .build()?; // Use the API you're already familiar with 
@@ -70,9 +70,9 @@ use rquest::{Impersonate, Client, Message}; #[tokio::main] async fn main() -> Result<(), rquest::Error> { - // Build a client to mimic Chrome131 + // Build a client to mimic Firefox133 let client = Client::builder() - .impersonate(Impersonate::Chrome131) + .impersonate(Impersonate::Firefox133) .build()?; // Use the API you're already familiar with diff --git a/examples/impersonate.rs b/examples/impersonate.rs index 7452543f..ea03b84e 100644 --- a/examples/impersonate.rs +++ b/examples/impersonate.rs @@ -2,9 +2,9 @@ use rquest::Impersonate; #[tokio::main] async fn main() -> Result<(), rquest::Error> { - // Build a client to mimic Firefox117 + // Build a client to mimic Firefox128 let client = rquest::Client::builder() - .impersonate(Impersonate::Firefox117) + .impersonate(Impersonate::Firefox128) .build()?; let resp = client.get("https://tls.peet.ws/api/all").send().await?; diff --git a/src/lib.rs b/src/lib.rs index 13f4538c..dd65e4a3 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -31,9 +31,9 @@ //! //! #[tokio::main] //! async fn main() -> Result<(), rquest::Error> { -//! // Build a client to mimic Chrome131 +//! // Build a client to mimic Firefox133 //! let client = rquest::Client::builder() -//! .impersonate(Impersonate::Chrome131) +//! .impersonate(Impersonate::Firefox133) //! .build()?; //! //! // Use the API you're already familiar with @@ -54,9 +54,9 @@ //! //! #[tokio::main] //! async fn main() -> Result<(), rquest::Error> { -//! // Build a client to mimic Chrome131 +//! // Build a client to mimic Firefox133 //! let websocket = Client::builder() -//! .impersonate(Impersonate::Chrome131) +//! .impersonate(Impersonate::Firefox133) //! .build()? //! .websocket("wss://echo.websocket.org") //! .send() diff --git a/src/mimic/chrome.rs b/src/mimic/chrome.rs index 9c99d644..81c21556 100644 --- a/src/mimic/chrome.rs +++ b/src/mimic/chrome.rs 
@@ -71,9 +71,9 @@ macro_rules! http2_settings { .max_concurrent_streams(1000) .max_header_list_size(262144) .header_table_size(65536) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; (2) => {{ @@ -84,9 +84,9 @@ macro_rules! http2_settings { .max_header_list_size(262144) .header_table_size(65536) .enable_push(false) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; (3) => {{ @@ -96,9 +96,9 @@ macro_rules! http2_settings { .max_header_list_size(262144) .header_table_size(65536) .enable_push(false) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; } @@ -135,18 +135,18 @@ fn header_initializer_with_zstd_priority(sec_ch_ua: &'static str, ua: &'static s } mod tls { - use crate::{mimic::tls_imports::*, tls::AlpsProto}; + use crate::mimic::tls_imports::*; - pub const CURVES: &[SslCurve] = &[SslCurve::X25519, SslCurve::SECP256R1, SslCurve::SECP384R1]; + pub const CURVES_1: &[SslCurve] = &[SslCurve::X25519, SslCurve::SECP256R1, SslCurve::SECP384R1]; - pub const NEW_CURVES_1: &[SslCurve] = &[ + pub const CURVES_2: &[SslCurve] = &[ SslCurve::X25519_KYBER768_DRAFT00, SslCurve::X25519, SslCurve::SECP256R1, SslCurve::SECP384R1, ]; - pub const NEW_CURVES_2: &[SslCurve] = &[ + pub const CURVES_3: &[SslCurve] = &[ SslCurve::X25519_MLKEM768, SslCurve::X25519, SslCurve::SECP256R1, 
@@ -189,7 +189,7 @@ mod tls { #[derive(TypedBuilder)] pub struct ChromeTlsSettings { - #[builder(default = CURVES)] + #[builder(default = CURVES_1)] curves: &'static [SslCurve], #[builder(default = SIGALGS_LIST)] @@ -388,7 +388,7 @@ mod_generator!( mod_generator!( v124, - tls_settings!(6, NEW_CURVES_1), + tls_settings!(6, CURVES_2), http2_settings!(3), header_initializer_with_zstd, r#""Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99""#, @@ -397,7 +397,7 @@ mod_generator!( mod_generator!( v126, - tls_settings!(6, NEW_CURVES_1), + tls_settings!(6, CURVES_2), http2_settings!(3), header_initializer_with_zstd, r#""Chromium";v="126", "Google Chrome";v="126", "Not-A.Brand";v="99""#, @@ -406,7 +406,7 @@ mod_generator!( mod_generator!( v127, - tls_settings!(6, NEW_CURVES_1), + tls_settings!(6, CURVES_2), http2_settings!(3), header_initializer_with_zstd, r#""Not/A)Brand";v="8", "Chromium";v="127", "Google Chrome";v="127""#, @@ -415,7 +415,7 @@ mod_generator!( mod_generator!( v128, - tls_settings!(6, NEW_CURVES_1), + tls_settings!(6, CURVES_2), http2_settings!(3), header_initializer, r#""Chromium";v="128", "Google Chrome";v="128", "Not?A_Brand";v="99""#, @@ -424,7 +424,7 @@ mod_generator!( mod_generator!( v129, - tls_settings!(6, NEW_CURVES_1), + tls_settings!(6, CURVES_2), http2_settings!(3), header_initializer_with_zstd_priority, r#""Google Chrome";v="129", "Chromium";v="129", "Not_A Brand\";v="24""#, @@ -433,7 +433,7 @@ mod_generator!( mod_generator!( v130, - tls_settings!(6, NEW_CURVES_1), + tls_settings!(6, CURVES_2), http2_settings!(3), header_initializer_with_zstd_priority, r#""Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99""#, @@ -442,7 +442,7 @@ mod_generator!( mod_generator!( v131, - tls_settings!(6, NEW_CURVES_2), + tls_settings!(6, CURVES_3), http2_settings!(3), header_initializer_with_zstd_priority, r#""Google Chrome";v="131", "Chromium";v="131", "Not_A Brand\";v="24""#, 
@@ -469,7 +469,7 @@ mod_generator!( mod_generator!( edge127, - tls_settings!(6, NEW_CURVES_1), + tls_settings!(6, CURVES_2), http2_settings!(3), header_initializer_with_zstd_priority, r#""Not)A;Brand";v="99", "Microsoft Edge";v="127", "Chromium";v="127""#, @@ -478,7 +478,7 @@ mod_generator!( mod_generator!( edge131, - tls_settings!(6, NEW_CURVES_2), + tls_settings!(6, CURVES_3), http2_settings!(3), header_initializer_with_zstd_priority, r#""Microsoft Edge";v="131", "Chromium";v="131", "Not_A Brand";v="24""#, diff --git a/src/mimic/firefox.rs b/src/mimic/firefox.rs index 69af82ec..21c14155 100644 --- a/src/mimic/firefox.rs +++ b/src/mimic/firefox.rs @@ -24,7 +24,7 @@ macro_rules! mod_generator { macro_rules! tls_settings { (1) => {{ FirefoxTlsSettings::builder() - .cert_compression_algorithm(super::CERT_COMPRESSION_ALGORITHM) + .cert_compression_algorithm(CERT_COMPRESSION_ALGORITHM) .enable_ech_grease(true) .pre_shared_key(true) .psk_skip_session_tickets(true) @@ -34,7 +34,18 @@ macro_rules! tls_settings { }}; (2) => {{ FirefoxTlsSettings::builder() - .curves(super::OLD_CURVES) + .curves(CURVES_1) + .key_shares_length_limit(2) + .build() + .into() + }}; + (3) => {{ + FirefoxTlsSettings::builder() + .cipher_list(CIPHER_LIST_2) + .curves(CURVES_1) + .session_ticket(false) + .enable_ech_grease(true) + .psk_dhe_ke(false) .key_shares_length_limit(2) .build() .into() @@ -50,9 +61,9 @@ macro_rules! http2_settings { .initial_stream_window_size(131072) .max_frame_size(16384) .initial_connection_window_size(12517377 + 65535) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; (2) => {{ 
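Review bot: Arm `(3)` of `tls_settings!` switches to `CIPHER_LIST_2` and passes `.session_ticket(false)` and `.psk_dhe_ke(false)`, but nothing in the macro says which profile it serves or why it departs from arms `(1)` and `(2)`. A maintainer cannot tell deliberate settings from a copy-paste slip, and a caller cannot tell that clients built from it presumably give up ticket-based resumption. A comment above the arm would fix this, for example `// Tor Browser profile (Firefox 128): session tickets and psk_dhe_ke are turned off on purpose`. The macro starts and ends outside this hunk.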
@@ -63,9 +74,23 @@ macro_rules! http2_settings { .max_frame_size(16384) .initial_connection_window_size(12517377 + 65535) .headers_priority((13, 41, false)) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) - .priority(Cow::Borrowed(super::PRIORITY.as_slice())) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) + .priority(Cow::Borrowed(PRIORITY.as_slice())) + .build() + }}; + (3) => {{ + Http2Settings::builder() + .initial_stream_id(3) + .header_table_size(65536) + .enable_push(false) + .max_concurrent_streams(0) + .initial_stream_window_size(131072) + .max_frame_size(16384) + .initial_connection_window_size(12517377 + 65535) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; } @@ -95,7 +120,7 @@ fn header_initializer_with_zstd(ua: &'static str) -> HeaderMap { mod tls { use crate::mimic::tls_imports::*; - pub const OLD_CURVES: &[SslCurve] = &[ + pub const CURVES_1: &[SslCurve] = &[ SslCurve::X25519, SslCurve::SECP256R1, SslCurve::SECP384R1, @@ -104,7 +129,7 @@ mod tls { SslCurve::FFDHE3072, ]; - pub const CURVES: &[SslCurve] = &[ + pub const CURVES_2: &[SslCurve] = &[ SslCurve::X25519_MLKEM768, SslCurve::X25519, SslCurve::SECP256R1, @@ -114,7 +139,7 @@ mod tls { SslCurve::FFDHE3072, ]; - pub const CIPHER_LIST: &str = join!( + pub const CIPHER_LIST_1: &str = join!( ":", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256", 
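Review bot: `.max_concurrent_streams(0)` in the new arm `(3)` of `http2_settings!` reads like a typo next to the `1000` and `100` used by the other profiles in this patch, and no comment marks it as intended. If zero is the value the mimicked client advertises (together with `.enable_push(false)` it would presumably mean no server-initiated streams are accepted), say so on the line, for example `// advertised as 0: the client accepts no server-initiated streams`. The same applies to `.initial_stream_id(3)`, whose reason is not visible here. The macro body begins and ends outside this hunk.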
@@ -135,6 +160,25 @@ mod tls { "TLS_RSA_WITH_AES_256_CBC_SHA" ); + pub const CIPHER_LIST_2: &str = join!( + ":", + "TLS_AES_128_GCM_SHA256", + "TLS_CHACHA20_POLY1305_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_RSA_WITH_AES_256_GCM_SHA384", + "TLS_RSA_WITH_AES_128_CBC_SHA", + "TLS_RSA_WITH_AES_256_CBC_SHA" + ); + pub const SIGALGS_LIST: &str = join!( ":", "ecdsa_secp256r1_sha256", @@ -200,15 +244,18 @@ mod tls { #[derive(TypedBuilder)] pub struct FirefoxTlsSettings { - #[builder(default = CURVES)] + #[builder(default = CURVES_2)] curves: &'static [SslCurve], #[builder(default = SIGALGS_LIST)] sigalgs_list: &'static str, - #[builder(default = CIPHER_LIST)] + #[builder(default = CIPHER_LIST_1)] cipher_list: &'static str, + #[builder(default = true)] + session_ticket: bool, + #[builder(default = false, setter(into))] enable_ech_grease: bool, @@ -227,6 +274,9 @@ mod tls { #[builder(default, setter(into))] key_shares_length_limit: Option, + #[builder(default = true, setter(into))] + psk_dhe_ke: bool, + #[builder(default, setter(into))] cert_compression_algorithm: Option<&'static [CertCompressionAlgorithm]>, @@ -240,6 +290,7 @@ mod tls { .curves(Cow::Borrowed(val.curves)) .sigalgs_list(Cow::Borrowed(val.sigalgs_list)) .cipher_list(Cow::Borrowed(val.cipher_list)) + .session_ticket(val.session_ticket) .delegated_credentials(Cow::Borrowed(val.delegated_credentials)) .record_size_limit(val.record_size_limit) .enable_ocsp_stapling(true) 
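Review bot: `CIPHER_LIST_2` offers static-RSA key exchange (`TLS_RSA_WITH_*`) and CBC-SHA suites, so a server that selects one of them yields a session without forward secrecy. The constant carries no comment saying the list reproduces a browser's offer and is not a recommended cipher policy. The numeric suffix also hides which profile uses the list and how it differs from `CIPHER_LIST_1`, which this hunk shows only in part. A doc comment would cover both, for example `/// Cipher offer of the Firefox 128 profile (tls_settings!(3)); mirrors the browser's list and is not a hardening baseline.`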
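Review bot: The two new `FirefoxTlsSettings` fields are declared differently and neither is documented: `session_ticket` uses `#[builder(default = true)]`, while `psk_dhe_ke` in the next hunk uses `#[builder(default = true, setter(into))]`. Pick one attribute form for both, matching the neighbouring `bool` fields. Each also needs a line saying what `false` does, for example `/// When false, session tickets are disabled for this profile.` Both defaults are `true`, so only arm `(3)` changes behaviour, and the doc comment should say so. The struct starts above this hunk and continues below it.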
@@ -251,6 +302,7 @@ mod tls { .key_shares_length_limit(val.key_shares_length_limit) .pre_shared_key(val.pre_shared_key) .psk_skip_session_ticket(val.psk_skip_session_tickets) + .psk_dhe_ke(val.psk_dhe_ke) .extension_permutation_indices(Cow::Borrowed(val.extension_permutation_indices)) .build() } @@ -259,7 +311,6 @@ mod tls { mod http2 { use crate::mimic::http2_imports::*; - use hyper2::{Priority, StreamDependency, StreamId}; pub const HEADER_PRIORITY: (u32, u8, bool) = (0, 41, false); @@ -322,6 +373,14 @@ mod_generator!( "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" ); +mod_generator!( + ff128, + tls_settings!(3), + http2_settings!(3), + header_initializer_with_zstd, + "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0" +); + mod_generator!( ff133, tls_settings!(1), diff --git a/src/mimic/mod.rs b/src/mimic/mod.rs index 7b235fe3..a6457571 100644 --- a/src/mimic/mod.rs +++ b/src/mimic/mod.rs @@ -33,7 +33,9 @@ mod impersonate_imports { } mod tls_imports { - pub use crate::tls::{AlpnProtos, CertCompressionAlgorithm, TlsSettings, TlsVersion}; + pub use crate::tls::{ + AlpnProtos, AlpsProto, CertCompressionAlgorithm, TlsSettings, TlsVersion, + }; pub use boring::ssl::{ExtensionType, SslCurve}; pub use std::borrow::Cow; pub use typed_builder::TypedBuilder; @@ -42,6 +44,7 @@ mod tls_imports { mod http2_imports { pub use hyper2::PseudoOrder::{self, *}; pub use hyper2::SettingsOrder::{self, *}; + pub use hyper2::{Priority, StreamDependency, StreamId}; pub use std::sync::LazyLock; } @@ -119,6 +122,7 @@ pub fn impersonate(ver: Impersonate, with_headers: bool) -> ImpersonateSettings Firefox109 => ff109::settings, Firefox117 => ff117::settings, + Firefox128 => ff128::settings, Firefox133 => ff133::settings ) } @@ -181,6 +185,7 @@ pub enum Impersonate { Firefox109, Firefox117, + Firefox128, Firefox133, } 
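Review bot: The new profile is exposed as `ff128` here, as `Impersonate::Firefox128` in src/mimic/mod.rs and as `"firefox_128"` in `impl_from_str!`, but the changelog calls it a Tor browser mimic and `tls_settings!(3)` disables session tickets and `psk_dhe_ke`. A caller who picks `Firefox128` expecting the behaviour of the neighbouring `Firefox117` and `Firefox133` profiles gets different TLS settings, with no hint in the name or the docs. Add a doc comment on the enum variant, for example `/// Firefox 128 as configured in Tor Browser: session tickets and psk_dhe_ke are disabled.`, and repeat it above this `mod_generator!` call.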
@@ -241,5 +246,6 @@ impl_from_str! { (Firefox109, "firefox_109"), (Firefox117, "firefox_117"), + (Firefox128, "firefox_128"), (Firefox133, "firefox_133"), } diff --git a/src/mimic/okhttp.rs b/src/mimic/okhttp.rs index 2c2e0078..217935f5 100644 --- a/src/mimic/okhttp.rs +++ b/src/mimic/okhttp.rs @@ -36,9 +36,9 @@ macro_rules! http2_settings { .max_concurrent_streams(1000) .max_header_list_size(262144) .header_table_size(65536) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }; } diff --git a/src/mimic/safari.rs b/src/mimic/safari.rs index 22e917d3..591aa890 100644 --- a/src/mimic/safari.rs +++ b/src/mimic/safari.rs @@ -41,9 +41,9 @@ macro_rules! http2_settings { .initial_stream_window_size(2097152) .initial_connection_window_size(10551295) .max_concurrent_streams(100) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; (2) => {{ @@ -52,9 +52,9 @@ macro_rules! http2_settings { .initial_connection_window_size(10551295) .max_concurrent_streams(100) .enable_push(false) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; (3) => {{ 
@@ -65,9 +65,9 @@ macro_rules! http2_settings { .enable_push(false) .unknown_setting8(true) .unknown_setting9(true) - .headers_priority(super::NEW_HEADER_PRIORITY) - .headers_pseudo_order(super::NEW_HEADERS_PSEUDO_ORDER) - .settings_order(super::NEW_SETTINGS_ORDER) + .headers_priority(NEW_HEADER_PRIORITY) + .headers_pseudo_order(NEW_HEADERS_PSEUDO_ORDER) + .settings_order(NEW_SETTINGS_ORDER) .build() }}; (4) => {{ @@ -75,9 +75,9 @@ macro_rules! http2_settings { .initial_stream_window_size(4194304) .initial_connection_window_size(10551295) .max_concurrent_streams(100) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; (5) => {{ @@ -86,9 +86,9 @@ macro_rules! http2_settings { .initial_connection_window_size(10551295) .max_concurrent_streams(100) .enable_push(false) - .headers_priority(super::HEADER_PRIORITY) - .headers_pseudo_order(super::HEADERS_PSEUDO_ORDER) - .settings_order(super::SETTINGS_ORDER) + .headers_priority(HEADER_PRIORITY) + .headers_pseudo_order(HEADERS_PSEUDO_ORDER) + .settings_order(SETTINGS_ORDER) .build() }}; } @@ -161,7 +161,7 @@ mod tls { SslCurve::SECP521R1, ]; - pub const CIPHER_LIST: &str = join!( + pub const CIPHER_LIST_1: &str = join!( ":", "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", @@ -191,7 +191,7 @@ mod tls { "TLS_RSA_WITH_3DES_EDE_CBC_SHA" ); - pub const NEW_CIPHER_LIST: &str = join!( + pub const CIPHER_LIST_2: &str = join!( ":", "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", @@ -309,7 +309,7 @@ mod http2 { mod_generator!( safari15_3, - tls_settings!(1, CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_1), http2_settings!(4), header_initializer_for_15, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15" 
@@ -317,7 +317,7 @@ mod_generator!( mod_generator!( safari15_5, - tls_settings!(1, CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_1), http2_settings!(4), header_initializer_for_15, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15" @@ -325,7 +325,7 @@ mod_generator!( mod_generator!( safari15_6_1, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(4), header_initializer_for_15, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15" @@ -333,7 +333,7 @@ mod_generator!( mod_generator!( safari16, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(4), header_initializer_for_16_17, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15" @@ -341,7 +341,7 @@ mod_generator!( mod_generator!( safari16_5, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(4), header_initializer_for_16_17, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15" @@ -349,7 +349,7 @@ mod_generator!( mod_generator!( safari_ios_16_5, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(1), header_initializer_for_16_17, "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1" @@ -357,7 +357,7 @@ mod_generator!( mod_generator!( safari17_0, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(5), header_initializer_for_16_17, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15" 
@@ -365,7 +365,7 @@ mod_generator!( mod_generator!( safari17_2_1, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(5), header_initializer_for_16_17, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15" @@ -373,7 +373,7 @@ mod_generator!( mod_generator!( safari17_4_1, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(4), header_initializer_for_16_17, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15" @@ -381,7 +381,7 @@ mod_generator!( mod_generator!( safari17_5, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(5), header_initializer_for_16_17, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15" @@ -389,7 +389,7 @@ mod_generator!( mod_generator!( safari_ios_17_2, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(2), header_initializer_for_16_17, "Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1" @@ -397,7 +397,7 @@ mod_generator!( mod_generator!( safari_ios_17_4_1, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(2), header_initializer_for_16_17, "Mozilla/5.0 (iPad; CPU OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1" @@ -405,7 +405,7 @@ mod_generator!( mod_generator!( safari_ipad_18, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(3), header_initializer_for_18, "Mozilla/5.0 (iPad; CPU OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" 
@@ -413,7 +413,7 @@ mod_generator!( mod_generator!( safari18, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(3), header_initializer_for_18, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15" @@ -421,7 +421,7 @@ mod_generator!( mod_generator!( safari_ios_18_1_1, - tls_settings!(1, NEW_CIPHER_LIST), + tls_settings!(1, CIPHER_LIST_2), http2_settings!(3), header_initializer_for_18, "Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Mobile/15E148 Safari/604.1" @@ -429,7 +429,7 @@ mod_generator!( mod_generator!( safari18_2, - tls_settings!(2, NEW_CIPHER_LIST, NEW_SIGALGS_LIST), + tls_settings!(2, CIPHER_LIST_2, NEW_SIGALGS_LIST), http2_settings!(3), header_initializer_for_18, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15" diff --git a/src/tls/mod.rs b/src/tls/mod.rs index 1c05340e..fc315551 100644 --- a/src/tls/mod.rs +++ b/src/tls/mod.rs @@ -56,6 +56,10 @@ impl BoringTlsConnector { connector.set_options(SslOptions::NO_TICKET); } + if !settings.psk_dhe_ke { + connector.set_options(SslOptions::NO_PSK_DHE_KE); + } + if let Some(grease_enabled) = settings.grease_enabled { connector.set_grease_enabled(grease_enabled); } @@ -399,6 +403,11 @@ pub struct TlsSettings { #[builder(default, setter(into))] pub key_shares_length_limit: Option, + /// Sets PSK with (EC)DHE key establishment (psk_dhe_ke) + /// [Reference](https://github.com/openssl/openssl/issues/13918) + #[builder(default = true)] + pub psk_dhe_ke: bool, + /// Sets the context's extension permutation indices. #[builder(default, setter(into))] pub extension_permutation_indices: Option>,
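Review bot: The doc comment on the new `TlsSettings::psk_dhe_ke` field does not say what `false` does; the only visible effect is the connector branch in the previous hunk, `connector.set_options(SslOptions::NO_PSK_DHE_KE)`. In TLS 1.3, `psk_dhe_ke` is the resumption mode that runs a fresh (EC)DHE exchange and so keeps forward secrecy for resumed sessions. What the handshake offers once the option is set depends on the TLS library and is not shown here, so the comment should spell it out. Suggested wording: `/// Offer the psk_dhe_ke PSK key-exchange mode (default: true). When false, SslOptions::NO_PSK_DHE_KE is set on the connector.` The reference link points to an OpenSSL issue although the connector is BoringSSL-based, so a one-line summary of that issue beside the link would help; `TlsSettings` begins above this hunk.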