Use QUIC version 1, RFC 9000

psiphon/common/protocol/protocol.go

@@ -377,13 +377,13 @@ func (labeledProfiles LabeledTLSProfiles) PruneInvalid(customTLSProfiles []strin
 }
 
 const (
-	QUIC_VERSION_GQUIC39           = "gQUICv39"
-	QUIC_VERSION_GQUIC43           = "gQUICv43"
-	QUIC_VERSION_GQUIC44           = "gQUICv44"
-	QUIC_VERSION_OBFUSCATED        = "OBFUSCATED"
-	QUIC_VERSION_IETF29            = "IETFv29"
-	QUIC_VERSION_RANDOMIZED_IETF29 = "RANDOMIZED-IETFv29"
-	QUIC_VERSION_OBFUSCATED_IETF29 = "OBFUSCATED-IETFv29"
+	QUIC_VERSION_GQUIC39       = "gQUICv39"
+	QUIC_VERSION_GQUIC43       = "gQUICv43"
+	QUIC_VERSION_GQUIC44       = "gQUICv44"
+	QUIC_VERSION_OBFUSCATED    = "OBFUSCATED"
+	QUIC_VERSION_V1            = "QUICv1"
+	QUIC_VERSION_RANDOMIZED_V1 = "RANDOMIZED-QUICv1"
+	QUIC_VERSION_OBFUSCATED_V1 = "OBFUSCATED-QUICv1"
 )
 
 var SupportedQUICVersions = QUICVersions{
@@ -391,9 +391,9 @@ var SupportedQUICVersions = QUICVersions{
 	QUIC_VERSION_GQUIC43,
 	QUIC_VERSION_GQUIC44,
 	QUIC_VERSION_OBFUSCATED,
-	QUIC_VERSION_IETF29,
-	QUIC_VERSION_RANDOMIZED_IETF29,
-	QUIC_VERSION_OBFUSCATED_IETF29,
+	QUIC_VERSION_V1,
+	QUIC_VERSION_RANDOMIZED_V1,
+	QUIC_VERSION_OBFUSCATED_V1,
 }
 
 var legacyQUICVersions = QUICVersions{
@@ -401,11 +401,11 @@ var legacyQUICVersions = QUICVersions{
 }
 
 func QUICVersionHasRandomizedClientHello(version string) bool {
-	return version == QUIC_VERSION_RANDOMIZED_IETF29
+	return version == QUIC_VERSION_RANDOMIZED_V1
 }
 
 func QUICVersionIsObfuscated(version string) bool {
-	return version == QUIC_VERSION_OBFUSCATED || version == QUIC_VERSION_OBFUSCATED_IETF29
+	return version == QUIC_VERSION_OBFUSCATED || version == QUIC_VERSION_OBFUSCATED_V1
 }
 
 type QUICVersions []string

psiphon/common/quic/obfuscator.go

@@ -503,10 +503,10 @@ func isIETFQUICClientHello(buffer []byte) bool {
 		return false
 	}
 
-	// IETF QUIC draft-24
+	// IETF QUIC version 1, RFC 9000
 
-	return buffer[1] == 0xff &&
+	return buffer[1] == 0 &&
 		buffer[2] == 0 &&
 		buffer[3] == 0 &&
-		buffer[4] == 0x1d
+		buffer[4] == 0x1
 }

psiphon/common/quic/quic.go

@@ -77,33 +77,33 @@ func Enabled() bool {
 	return true
 }
 
-const ietfQUICDraft29VersionNumber = 0xff00001d
+const ietfQUIC1VersionNumber = 0x1
 
 var supportedVersionNumbers = map[string]uint32{
-	protocol.QUIC_VERSION_GQUIC39:           uint32(gquic.VersionGQUIC39),
-	protocol.QUIC_VERSION_GQUIC43:           uint32(gquic.VersionGQUIC43),
-	protocol.QUIC_VERSION_GQUIC44:           uint32(gquic.VersionGQUIC44),
-	protocol.QUIC_VERSION_OBFUSCATED:        uint32(gquic.VersionGQUIC43),
-	protocol.QUIC_VERSION_IETF29:            ietfQUICDraft29VersionNumber,
-	protocol.QUIC_VERSION_RANDOMIZED_IETF29: ietfQUICDraft29VersionNumber,
-	protocol.QUIC_VERSION_OBFUSCATED_IETF29: uint32(ietfQUICDraft29VersionNumber),
+	protocol.QUIC_VERSION_GQUIC39:       uint32(gquic.VersionGQUIC39),
+	protocol.QUIC_VERSION_GQUIC43:       uint32(gquic.VersionGQUIC43),
+	protocol.QUIC_VERSION_GQUIC44:       uint32(gquic.VersionGQUIC44),
+	protocol.QUIC_VERSION_OBFUSCATED:    uint32(gquic.VersionGQUIC43),
+	protocol.QUIC_VERSION_V1:            ietfQUIC1VersionNumber,
+	protocol.QUIC_VERSION_RANDOMIZED_V1: ietfQUIC1VersionNumber,
+	protocol.QUIC_VERSION_OBFUSCATED_V1: uint32(ietfQUIC1VersionNumber),
 }
 
 func isObfuscated(quicVersion string) bool {
 	return quicVersion == protocol.QUIC_VERSION_OBFUSCATED ||
-		quicVersion == protocol.QUIC_VERSION_OBFUSCATED_IETF29
+		quicVersion == protocol.QUIC_VERSION_OBFUSCATED_V1
 }
 
 func isClientHelloRandomized(quicVersion string) bool {
-	return quicVersion == protocol.QUIC_VERSION_RANDOMIZED_IETF29
+	return quicVersion == protocol.QUIC_VERSION_RANDOMIZED_V1
 }
 
 func isIETFVersion(versionNumber uint32) bool {
-	return versionNumber == ietfQUICDraft29VersionNumber
+	return versionNumber == ietfQUIC1VersionNumber
 }
 
 func getALPN(versionNumber uint32) string {
-	return "h3-29"
+	return "h3"
 }
 
 // quic_test overrides the server idle timeout.
@@ -957,7 +957,7 @@ func newMuxListener(
 
 	tlsConfig := &tls.Config{
 		Certificates: []tls.Certificate{tlsCertificate},
-		NextProtos:   []string{getALPN(ietfQUICDraft29VersionNumber)},
+		NextProtos:   []string{getALPN(ietfQUIC1VersionNumber)},
 	}
 
 	ietfQUICConfig := &ietf_quic.Config{

psiphon/dialParameters.go

@@ -1097,8 +1097,9 @@ func selectQUICVersion(
 		if frontingProviderID == "" {
 			// Legacy server entry case
 			disableQUICVersions = protocol.QUICVersions{
-				protocol.QUIC_VERSION_IETF29,
-				protocol.QUIC_VERSION_RANDOMIZED_IETF29,
+				protocol.QUIC_VERSION_V1,
+				protocol.QUIC_VERSION_RANDOMIZED_V1,
+				protocol.QUIC_VERSION_OBFUSCATED_V1,
 			}
 		} else {
 			disableQUICVersions = p.LabeledQUICVersions(