Benchmark getClientHelloVersion performance

psiphon/tlsCompatibility_test.go

@@ -32,6 +32,7 @@ import (
 	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/parameters"
 	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/protocol"
 	tris "github.com/Psiphon-Labs/tls-tris"
+	utls "github.com/refraction-networking/utls"
 )
 
 func TestTLSCompatibility(t *testing.T) {
@@ -162,3 +163,11 @@ func testTLSCompatibility(t *testing.T, address string) {
 		}
 	}
 }
+
+func BenchmarkRandomizedGetClientHelloVersion(b *testing.B) {
+	for n := 0; n < b.N; n++ {
+		utlsClientHelloID := utls.HelloRandomized
+		utlsClientHelloID.Seed, _ = utls.NewPRNGSeed()
+		getClientHelloVersion(utlsClientHelloID)
+	}
+}

psiphon/tlsDialer.go

@@ -198,6 +198,14 @@ func getClientHelloVersion(utlsClientHelloID utls.ClientHelloID) (string, error)
 	// Assumes utlsClientHelloID.Seed has been set; otherwise the result is
 	// ephemeral.
 
+	// As utls.HelloRandomized may be either TLS 1.2 or TLS 1.3, we cannot
+	// perform a simple ClientHello ID check. BuildHandshakeState is run, which
+	// constructs the entire ClientHello.
+	//
+	// BenchmarkRandomizedGetClientHelloVersion indicates that this operation
+	// takes on the order of 0.05ms and allocates ~8KB for randomized client
+	// hellos.
+
 	conn := utls.UClient(
 		nil,
 		&utls.Config{InsecureSkipVerify: true},