Skip to content

Commit cd2f347

Browse files
gdy666seankhliao
gdy666
authored and
seankhliao
committed
crypto/tls: fix ECH compatibility
Previously, the code only checked supportedVersions[0] for TLS 1.3 However, Chromium-based browsers may list TLS 1.3 at different positions, causing ECH failures. This fix: Iterates through supportedVersions to accept connections as long as TLS 1.3 is present. Improves ECH compatibility, ensuring Chrome, Edge, and other browsers work properly. Fixes #71642 Change-Id: I32f4219fb6654d5cc22c7f33497c6142c0acb4f2 Reviewed-on: https://go-review.googlesource.com/c/go/+/648015 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Daniel McCarney <[email protected]>
1 parent c7ea871 commit cd2f347

File tree

1 file changed

+22
-2
lines changed

1 file changed

+22
-2
lines changed

src/crypto/tls/ech.go

+22-2
Original file line numberDiff line numberDiff line change
@@ -392,8 +392,28 @@ func decodeInnerClientHello(outer *clientHelloMsg, encoded []byte) (*clientHello
392392
return nil, errInvalidECHExt
393393
}
394394

395-
if len(inner.supportedVersions) != 1 || (len(inner.supportedVersions) >= 1 && inner.supportedVersions[0] != VersionTLS13) {
396-
return nil, errors.New("tls: client sent encrypted_client_hello extension and offered incompatible versions")
395+
hasTLS13 := false
396+
for _, v := range inner.supportedVersions {
397+
// Skip GREASE values (values of the form 0x?A0A).
398+
// GREASE (Generate Random Extensions And Sustain Extensibility) is a mechanism used by
399+
// browsers like Chrome to ensure TLS implementations correctly ignore unknown values.
400+
// GREASE values follow a specific pattern: 0x?A0A, where ? can be any hex digit.
401+
// These values should be ignored when processing supported TLS versions.
402+
if v&0x0F0F == 0x0A0A && v&0xff == v>>8 {
403+
continue
404+
}
405+
406+
// Ensure at least TLS 1.3 is offered.
407+
if v == VersionTLS13 {
408+
hasTLS13 = true
409+
} else if v < VersionTLS13 {
410+
// Reject if any non-GREASE value is below TLS 1.3, as ECH requires TLS 1.3+.
411+
return nil, errors.New("tls: client sent encrypted_client_hello extension with unsupported versions")
412+
}
413+
}
414+
415+
if !hasTLS13 {
416+
return nil, errors.New("tls: client sent encrypted_client_hello extension but did not offer TLS 1.3")
397417
}
398418

399419
return inner, nil

0 commit comments

Comments
 (0)