|
|
@@ -474,6 +474,14 @@ func makeFrontedHTTPClient(
|
|
|
networkLatencyMultiplierMax,
|
|
|
p.Float(parameters.NetworkLatencyMultiplierLambda))
|
|
|
|
|
|
+ tlsFragmentClientHello := false
|
|
|
+ tlsFragmentorLimitProtocols := p.TunnelProtocols(parameters.TLSFragmentClientHelloLimitProtocols)
|
|
|
+ if len(tlsFragmentorLimitProtocols) == 0 || common.Contains(tlsFragmentorLimitProtocols, effectiveTunnelProtocol) {
|
|
|
+ if net.ParseIP(meekSNIServerName) == nil {
|
|
|
+ tlsFragmentClientHello = p.WeightedCoinFlip(parameters.TLSFragmentClientHelloProbability)
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
meekConfig := &MeekConfig{
|
|
|
DiagnosticID: frontingProviderID,
|
|
|
Parameters: config.GetParameters(),
|
|
|
@@ -481,6 +489,7 @@ func makeFrontedHTTPClient(
|
|
|
DialAddress: meekDialAddress,
|
|
|
UseHTTPS: true,
|
|
|
TLSProfile: tlsProfile,
|
|
|
+ TLSFragmentClientHello: tlsFragmentClientHello,
|
|
|
NoDefaultTLSSessionID: noDefaultTLSSessionID,
|
|
|
RandomizedTLSProfileSeed: randomizedTLSProfileSeed,
|
|
|
SNIServerName: meekSNIServerName,
|
|
|
@@ -603,6 +612,10 @@ func makeFrontedHTTPClient(
|
|
|
params["tls_version"] = getTLSVersionForMetrics(tlsVersion, meekConfig.NoDefaultTLSSessionID)
|
|
|
}
|
|
|
|
|
|
+ if meekConfig.TLSFragmentClientHello {
|
|
|
+ params["tls_fragmented"] = "1"
|
|
|
+ }
|
|
|
+
|
|
|
return params
|
|
|
}
|
|
|
|
Amir Khan