hub / github.com/XTLS/REALITY / illegalClientHelloChange

Function illegalClientHelloChange

handshake_server_tls13.go:769–822  ·  view source on GitHub ↗

illegalClientHelloChange reports whether the two ClientHello messages are different, with the exception of the changes allowed before and after a HelloRetryRequest. See RFC 8446, Section 4.1.2.

(ch, ch1 *clientHelloMsg)


// illegalClientHelloChange reports whether the two ClientHello messages are
// different, with the exception of the changes allowed before and after a
// HelloRetryRequest. See RFC 8446, Section 4.1.2.
//
// ch is the first ClientHello and ch1 the one received after the retry. Only
// the fields named in the body are compared; any other field of
// clientHelloMsg is not examined here and may differ without being reported.
// List-valued fields must match in both length and order, so a reordered
// offer counts as a change.
//
// NOTE(review): a true result means the peer altered a parameter that is
// expected to stay fixed across the retry; presumably the caller aborts the
// handshake in that case. Confirm at the call site.
func illegalClientHelloChange(ch, ch1 *clientHelloMsg) bool {
	// Scalar fields first: one mismatch is enough to reject.
	switch {
	case ch.vers != ch1.vers,
		ch.serverName != ch1.serverName,
		ch.ocspStapling != ch1.ocspStapling,
		ch.ticketSupported != ch1.ticketSupported,
		ch.secureRenegotiationSupported != ch1.secureRenegotiationSupported,
		ch.scts != ch1.scts:
		return true
	}

	// Opaque byte strings. bytes.Equal treats nil and empty as equal, so an
	// absent value and a zero-length one are not considered a change.
	switch {
	case !bytes.Equal(ch.random, ch1.random),
		!bytes.Equal(ch.sessionId, ch1.sessionId),
		!bytes.Equal(ch.compressionMethods, ch1.compressionMethods),
		!bytes.Equal(ch.supportedPoints, ch1.supportedPoints),
		!bytes.Equal(ch.sessionTicket, ch1.sessionTicket),
		!bytes.Equal(ch.secureRenegotiation, ch1.secureRenegotiation),
		!bytes.Equal(ch.cookie, ch1.cookie),
		!bytes.Equal(ch.pskModes, ch1.pskModes):
		return true
	}

	// Offered-parameter lists: the length is checked before indexing ch1, so
	// the element loops never read past the end of the second message's slice.
	if len(ch.supportedVersions) != len(ch1.supportedVersions) {
		return true
	}
	for i, v := range ch.supportedVersions {
		if v != ch1.supportedVersions[i] {
			return true
		}
	}

	if len(ch.cipherSuites) != len(ch1.cipherSuites) {
		return true
	}
	for i, suite := range ch.cipherSuites {
		if suite != ch1.cipherSuites[i] {
			return true
		}
	}

	if len(ch.supportedCurves) != len(ch1.supportedCurves) {
		return true
	}
	for i, curve := range ch.supportedCurves {
		if curve != ch1.supportedCurves[i] {
			return true
		}
	}

	if len(ch.supportedSignatureAlgorithms) != len(ch1.supportedSignatureAlgorithms) {
		return true
	}
	for i, alg := range ch.supportedSignatureAlgorithms {
		if alg != ch1.supportedSignatureAlgorithms[i] {
			return true
		}
	}

	if len(ch.supportedSignatureAlgorithmsCert) != len(ch1.supportedSignatureAlgorithmsCert) {
		return true
	}
	for i, alg := range ch.supportedSignatureAlgorithmsCert {
		if alg != ch1.supportedSignatureAlgorithmsCert[i] {
			return true
		}
	}

	if len(ch.alpnProtocols) != len(ch1.alpnProtocols) {
		return true
	}
	for i, proto := range ch.alpnProtocols {
		if proto != ch1.alpnProtocols[i] {
			return true
		}
	}

	return false
}
823
824func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
825 c := hs.c

Callers 1

doHelloRetryRequestMethod · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected
