-
Notifications
You must be signed in to change notification settings - Fork 251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HelloFirefox* gets an ECDSA verification failure #274
Comments
It is a known issue caused by TLS extension While adding support to |
Sounds like I will take on this adventure. Will update here when I make some progress. |
The only issue is that we are required to implement the delegated credential extension in the x509 parser as well @gaukas what do you suggest? a local copy like dicttls ? |
Hmm. That's pretty tough. I am not super familiar with this extension yet, but from cloudflare/go I can see it is due to our certificate handling (from Not an expert in this but is it possible for us to override a standard library to a remote package (say I would rather suggest instead trying persuading go team to accept the required change and backport it into currently maintained versions. But afterall, if we really want to vendor it, we might want to minimize the impact by strictly limiting the use of our x509 which would go out-of-date very easily. |
Seems to happen on
facebook.com
as well asfbcdn.net
. Minimal recreate below.Changing
utls.HelloFirefox_Auto
toutls.HelloChrome_Auto
appears to resolve the issue.The text was updated successfully, but these errors were encountered: