tls1.2_ticket_auth random packet size

8 years ago · cfb8944003
3 changed files with 12 additions and 5 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2.9.5.1 2016-10-17
+- tls1.2_ticket_auth random packet size
+
+2.9.5.1 2016-10-16
+- UDP bind address
+
 2.9.5 2016-10-13
 - add auth_aes128_md5 and auth_aes128_sha1

--- a/shadowsocks/obfsplugin/obfs_tls.py
+++ b/shadowsocks/obfsplugin/obfs_tls.py
@ -149,9 +149,10 @@ class tls_ticket_auth(plain.plain):
            return buf
        if self.handshake_status == 8:
            ret = b''
-            while len(buf) > 8192:
-                ret += b"\x17" + self.tls_version + struct.pack('>H', 8192) + buf[:8192]
-                buf = buf[8192:]
+            while len(buf) > 4096:
+                size = struct.unpack('>H', os.urandom(2))[0] % 4096 + 100
+                ret += b"\x17" + self.tls_version + struct.pack('>H', size) + buf[:size]
+                buf = buf[size:]
            if len(buf) > 0:
                ret += b"\x17" + self.tls_version + struct.pack('>H', len(buf)) + buf
            return ret
@ -178,7 +179,7 @@ class tls_ticket_auth(plain.plain):
            ret = b''
            self.recv_buffer += buf
            while len(self.recv_buffer) > 5:
-                if ord(self.recv_buffer[0]) != 0x17:
+                if ord(self.recv_buffer[0]) != 0x17 or ord(self.recv_buffer[1]) != 0x3 or ord(self.recv_buffer[2]) != 0x3:
                    logging.info("data = %s" % (binascii.hexlify(self.recv_buffer)))
                    raise Exception('server_decode appdata error')
                size = struct.unpack('>H', self.recv_buffer[3:5])[0]
--- a/shadowsocks/version.py
+++ b/shadowsocks/version.py
@ -16,5 +16,5 @@
 # under the License.

 def version():
-    return '2.9.5.1 2016-10-16'
+    return '2.9.6 2016-10-17'