no Client Hello after #3 ACK

Question

no Client Hello after #3 ACK

opened this issue 4 years ago · comments

This is the capture for

curl -v \
https://pixiv.net -x socks5h://127.0.0.1:1080 \
--connect-to pixiv.net:443:210.140.131.199

cURL stuck at * TLSv1.3 (OUT), TLS handshake, Client hello (1):

This a the capture for

curl -v \
https://210.140.131.199

with no problem:

Is it a matter of how I use it?
Or is there interference from the Great Firewall?

Deleted user · Answer 1 · Mon Feb 01 2021 23:27:34 GMT+0800 (China Standard Time)

Part of the configuration file content is as follows

#DNS Protection
server=tls://8.8.8.8:853

...

#Other
method=ttl,w-md5,w-csum,tfo,w-seq,w-time,s-seg
steamcommunity.com
.steamcommunity.com
pixiv.net=210.140.131.199
pixiv.net
.pixiv.net
.pximg.net
...

Deleted user · Answer 2 · Mon Feb 01 2021 23:32:32 GMT+0800 (China Standard Time)

I just changed the method in the configuration file to w-ack

Deleted user · Answer 3 · Mon Feb 01 2021 23:41:25 GMT+0800 (China Standard Time)

s-seg, mode2, w-csum, w-md5, w-time, w-seq will also receive malformed RST immediately after client hello

Deleted user · Answer 4 · Mon Feb 01 2021 23:47:57 GMT+0800 (China Standard Time)

OK, w-ack works for www.pixiv.net (Cloudflared), and other like mohu.rocks quora.com

I think it may just be 210.* The server itself does not support such packets