Google Chrome new ClientHelloSpec

Question

Google Chrome new ClientHelloSpec

gaukas opened this issue 10 months ago · comments

Gaukas Wang commented 10 months ago

TLS Client

Google Chrome Version 115.0.5790.110 (Official Build) (64-bit)

Known Fingerprints

N/ffa2ee96ff7b42d4 (no pre_shared_key)
N/6ff3881f1cbb1497 (pre_shared_key, no padding)
N/84cf5dd358538618 (padding then pre_shared_key) New

Notes

Tap data (according to https://tlsfingerprint.io) shows that the new fingerprint is still less popular (1.48% of the connection) comparing to the former ones (35.08% and 6.64% respectively) in the past week, which indicates that there could be some hidden criteria being met before the third fingerprint in the list is getting selected or maybe there could be an A/B test.

Advised Action

A parrot for the third fingerprint could be useful. A PR is welcomed, or utls team will consider including the parrot when this fingerprint becomes more popular.

Gaukas Wang · Answer 1 · Sun Aug 13 2023 02:14:20 GMT+0800 (China Standard Time)

Let's hold this one. Currently expecting Google Chrome to make major changes in the next version. Related to #221.

Gaukas Wang · Answer 2 · Mon Aug 14 2023 12:44:17 GMT+0800 (China Standard Time)

Post-Quantum ClientHelloSpec in Chrome 115 after setting chrome://flags/#enable-tls13-kyber:

N/8df981daa05723dc (no pre_shared_key†)
N/1f8c15afb9d38c74 (pre_shared_key)

† Does not come with a padding extension, likely due to the enormous size of x25519kyber768's key share data.