Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted ClientHello - Missing? #199

Open
adrianmmiller opened this issue Apr 19, 2024 · 8 comments
Open

Encrypted ClientHello - Missing? #199

adrianmmiller opened this issue Apr 19, 2024 · 8 comments

Comments

@adrianmmiller
Copy link

System Details

  • OS: Windows 10
  • Thorium Version 122.0.6261.132 (Official Build) (64-bit)

Problem
Cannot pass Secure SNI on cloudflare test using Thorium when using dnscrypt-proxy, works fine with Firefox, Chrome and Chromium

Check for Encrypted ClientHello flags which exist in Chrome/Chromium - but none exist in Thorium
@narinishi
Copy link

Issue also affects Thorium for legacy Windows versions Alex313031/thorium-legacy#72

@gz83 gz83 mentioned this issue Apr 29, 2024
Closed
@gz83
Copy link
Collaborator

gz83 commented Apr 29, 2024

This issue seems to be related to the new algorithm recently deployed by Google, please try going to chrome://flags and turn enable-tls13-kyber off

@adrianmmiller
Copy link
Author

This issue seems to be related to the new algorithm recently deployed by Google, please try going to chrome://flags and turn enable-tls13-kyber off

Afraid its a still no goer.....

@gz83
Copy link
Collaborator

gz83 commented Apr 29, 2024

Have you updated to version M123? In addition, related problems may not be improved until the M124 version.

At the same time, this issue may also be related to some patches we use, and I need Alex to verify this issue.

@Alex313031

@adrianmmiller
Copy link
Author

adrianmmiller commented Apr 29, 2024
edited
Loading

Have you updated to version M123? In addition, related problems may not be improved until the M124 version.

At the same time, this issue may also be related to some patches we use, and I need Alex to verify this issue.

@Alex313031

Just tried latest (M123), no change sorry, and understood, thanks for the follow up

@Alex313031
Copy link
Owner

@gz83 @narinishi @adrianmmiller @eltociear I think this is related to the two DNS patches we use. One is from Ungoogled, the other is from Bromite.

They are always enabled and cannot be disabled except at the source code level. I don't want to remove them, because for the majority of cases, it works fine and hardens security. But what I will do (especially since you guys are not the first to report DNS problems in Thorium), is put them behind a chrome://flags flag. Something like "Disable Thorium DNS Config". This way it can be disabled via GUI.

@adrianmmiller
Copy link
Author

@gz83 @narinishi @adrianmmiller @eltociear I think this is related to the two DNS patches we use. One is from Ungoogled, the other is from Bromite.

They are always enabled and cannot be disabled except at the source code level. I don't want to remove them, because for the majority of cases, it works fine and hardens security. But what I will do (especially since you guys are not the first to report DNS problems in Thorium), is put them behind a chrome://flags flag. Something like "Disable Thorium DNS Config". This way it can be disabled via GUI.

Cant ask for a better response than that, cheers

@Alex313031
Copy link
Owner

@gz83 @narinishi @adrianmmiller @eltociear Here we go > Alex313031/thorium@840ec41

Also, @narinishi I added this to the thorium-legacy repo as well, so it will be present in the next builds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gz83 @Alex313031 @narinishi @adrianmmiller