diff --git a/common/tls/utls_client.go b/common/tls/utls_client.go index 9fda43a3..a1836005 100644 --- a/common/tls/utls_client.go +++ b/common/tls/utls_client.go @@ -5,6 +5,7 @@ package tls import ( "crypto/tls" "crypto/x509" + "math/rand" "net" "net/netip" "os" @@ -159,6 +160,20 @@ func NewUTLSClient(router adapter.Router, serverAddress string, options option.O return &UTLSClientConfig{&tlsConfig, id}, nil } +var randomFingerprint utls.ClientHelloID + +func init() { + modernFingerprints := []utls.ClientHelloID{ + utls.HelloChrome_Auto, + utls.HelloFirefox_Auto, + utls.HelloEdge_Auto, + utls.HelloSafari_Auto, + utls.HelloIOS_Auto, + utls.HelloAndroid_11_OkHttp, + } + randomFingerprint = modernFingerprints[rand.Intn(len(modernFingerprints))] +} + func uTLSClientHelloID(name string) (utls.ClientHelloID, error) { switch name { case "chrome", "": @@ -178,7 +193,15 @@ func uTLSClientHelloID(name string) (utls.ClientHelloID, error) { case "android": return utls.HelloAndroid_11_OkHttp, nil case "random": - return utls.HelloRandomized, nil + return randomFingerprint, nil + case "randomized": + weights := utls.DefaultWeights + weights.TLSVersMax_Set_VersionTLS13 = 1 + weights.FirstKeyShare_Set_CurveP256 = 0 + randomized := utls.HelloRandomized + randomized.Seed, _ = utls.NewPRNGSeed() + randomized.Weights = &weights + return randomized, nil default: return utls.ClientHelloID{}, E.New("unknown uTLS fingerprint: ", name) } diff --git a/docs/configuration/shared/tls.md b/docs/configuration/shared/tls.md index d8ad42be..1cbab58e 100644 --- a/docs/configuration/shared/tls.md +++ b/docs/configuration/shared/tls.md @@ -218,6 +218,7 @@ Available fingerprint values: * ios * android * random +* randomized Chrome fingerprint will be used if empty. diff --git a/docs/configuration/shared/tls.zh.md b/docs/configuration/shared/tls.zh.md index 42cff9e2..4b974e2e 100644 --- a/docs/configuration/shared/tls.zh.md +++ b/docs/configuration/shared/tls.zh.md @@ -218,6 +218,7 @@ uTLS 是 "crypto/tls" 的一个分支,它提供了 ClientHello 指纹识别阻 * ios * android * random +* randomized 默认使用 chrome 指纹。