Use github.com/Psiphon-Labs/utls@c1daf1ce55c1

* Fixes PSK binder not written on wire (TestObfuscatedSessionTicket)
* Fixes iOS/Safari TLS profiles handshake failures

go.mod

@@ -41,7 +41,7 @@ require (
 	github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
 	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250219165059-533f95b512e9
 	github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0
-	github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc
+	github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1
 	github.com/armon/go-proxyproto v0.0.0-20180202201750-5b7edb60ff5f
 	github.com/bifurcation/mint v0.0.0-20180306135233-198357931e61
 	github.com/bits-and-blooms/bloom/v3 v3.6.0

go.sum

@@ -26,8 +26,8 @@ github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250219165059-533f95b512e9 h1:Pjzuvk
 github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250219165059-533f95b512e9/go.mod h1:7ZUnPnWT5z8J8hxfsVjKHYK77Zme/Y0If1b/zeziiJs=
 github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0 h1:E1L02sxaIDWp7c7KOmU2iQHodg7On6sB//i2BMWs//w=
 github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0/go.mod h1:rONdWgPMbFjyyBai7gB1IBF4pT9r4l0GyiDst5XR1SY=
-github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc h1:ojzcP5Hia0pAidJvnNAd2DaA/siX9vPDTPC9kvhDRFY=
-github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc/go.mod h1:1vv0gVAzq9e2XYkW8HAKrmtuuZrBdDixQFx5H22KAjI=
+github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1 h1:4AoKcLPErKMbqVdhA2MmnEP8kC4/CLlADnIR4rULHfM=
+github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1/go.mod h1:1vv0gVAzq9e2XYkW8HAKrmtuuZrBdDixQFx5H22KAjI=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=

vendor/github.com/Psiphon-Labs/utls/handshake_client_tls13.go

@@ -766,10 +766,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 		return nil
 	}
 
-	// [UTLS SECTION BEGIN]
-	// msg, err := c.readHandshake(hs.transcript)
-	msg, err := c.readHandshake(nil) // hold writing to transcript until we know it is not compressed cert
-	// [UTLS SECTION END]
+	msg, err := c.readHandshake(hs.transcript)
 	if err != nil {
 		return err
 	}
@@ -777,24 +774,20 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 	certReq, ok := msg.(*certificateRequestMsgTLS13)
 	if ok {
 		hs.certReq = certReq
-		transcriptMsg(certReq, hs.transcript) // [UTLS] if it is certReq (not compressedCert), write to transcript
 
-		// msg, err = c.readHandshake(hs.transcript) // [UTLS]
-		msg, err = c.readHandshake(nil) // [UTLS] we don't write to transcript until make sure it is not compressed cert
+		msg, err = c.readHandshake(hs.transcript)
 		if err != nil {
 			return err
 		}
 	}
 
 	// [UTLS SECTION BEGINS]
-	var skipWritingCertToTranscript bool = false
 	if hs.uconn != nil {
 		processedMsg, err := hs.utlsReadServerCertificate(msg)
 		if err != nil {
 			return err
 		}
 		if processedMsg != nil {
-			skipWritingCertToTranscript = true
 			msg = processedMsg // msg is now a processed-by-extension certificateMsg
 		}
 	}
@@ -810,14 +803,6 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 		return errors.New("tls: received empty certificates message")
 	}
 
-	// [UTLS SECTION BEGINS]
-	if !skipWritingCertToTranscript { // write to transcript only if it is not compressedCert (i.e. if not processed by extension)
-		if err = transcriptMsg(certMsg, hs.transcript); err != nil {
-			return err
-		}
-	}
-	// [UTLS SECTION ENDS]
-
 	c.scts = certMsg.certificate.SignedCertificateTimestamps
 	c.ocspResponse = certMsg.certificate.OCSPStaple
 

vendor/github.com/Psiphon-Labs/utls/u_conn.go

@@ -211,11 +211,10 @@ func (uconn *UConn) DidTls12Resume() bool {
 //
 // Deprecated: This method is deprecated in favor of SetSessionTicketExtension,
 // as it only handles session override of TLS 1.2
-func (uconn *UConn) SetSessionState(session *ClientSessionState) error {
+func (uconn *UConn) SetSessionState(cs *ClientSessionState) error {
 	sessionTicketExt := &SessionTicketExtension{Initialized: true}
-	if session != nil {
-		sessionTicketExt.Session.ticket = session.session.ticket
-		sessionTicketExt.Session = session.session
+	if cs != nil {
+		sessionTicketExt.Session = cs.session
 	}
 	return uconn.SetSessionTicketExtension(sessionTicketExt)
 }

vendor/github.com/Psiphon-Labs/utls/u_handshake_client.go

@@ -26,9 +26,6 @@ func (hs *clientHandshakeStateTLS13) utlsReadServerCertificate(msg any) (process
 			if len(hs.uconn.certCompressionAlgs) > 0 {
 				compressedCertMsg, ok := msg.(*utlsCompressedCertificateMsg)
 				if ok {
-					if err = transcriptMsg(compressedCertMsg, hs.transcript); err != nil {
-						return nil, err
-					}
 					msg, err = hs.decompressCert(*compressedCertMsg)
 					if err != nil {
 						return nil, fmt.Errorf("tls: failed to decompress certificate message: %w", err)

vendor/github.com/Psiphon-Labs/utls/u_pre_shared_key.go

@@ -329,6 +329,21 @@ func (e *UtlsPreSharedKeyExtension) PatchBuiltHello(hello *PubClientHelloMsg) er
 		return err
 	}
 	// derived end //
+
+	// copied from handshake_messages.go in 1.22
+	lenWithoutBinders := len(helloBytes)
+	b := cryptobyte.NewFixedBuilder(private.original[:lenWithoutBinders])
+	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+		for _, binder := range private.pskBinders {
+			b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+				b.AddBytes(binder)
+			})
+		}
+	})
+	if out, err := b.Bytes(); err != nil || len(out) != len(private.original) {
+		return errors.New("tls: internal error: failed to update binders")
+	}
+
 	e.Binders = pskBinders
 
 	// no need to care about other PSK related fields, they will be handled separately

vendor/modules.txt

@@ -57,7 +57,7 @@ github.com/Psiphon-Labs/quic-go/internal/utils/ringbuffer
 github.com/Psiphon-Labs/quic-go/internal/wire
 github.com/Psiphon-Labs/quic-go/logging
 github.com/Psiphon-Labs/quic-go/quicvarint
-# github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc
+# github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1
 ## explicit; go 1.23
 github.com/Psiphon-Labs/utls
 github.com/Psiphon-Labs/utls/byteorder