Thorium-Win icon indicating copy to clipboard operation
Thorium-Win copied to clipboard

Published 20 hours ago verified publisher icon Alex313031

Encrypted ClientHello - Missing?

Open adrianmmiller opened this issue 10 months ago • 8 comments

System Details

  • OS: Windows 10
  • Thorium Version 122.0.6261.132 (Official Build) (64-bit)

Problem Cannot pass Secure SNI on cloudflare test using Thorium when using dnscrypt-proxy, works fine with Firefox, Chrome and Chromium

Check for Encrypted ClientHello flags which exist in Chrome/Chromium - but none exist in Thorium

adrianmmiller avatar Apr 19 '24 15:04 adrianmmiller

Issue also affects Thorium for legacy Windows versions https://github.com/Alex313031/thorium-legacy/issues/72

narinishi avatar Apr 26 '24 05:04 narinishi

This issue seems to be related to the new algorithm recently deployed by Google, please try going to chrome://flags and turn enable-tls13-kyber off

gz83 avatar Apr 29 '24 09:04 gz83

This issue seems to be related to the new algorithm recently deployed by Google, please try going to chrome://flags and turn enable-tls13-kyber off

Afraid its a still no goer.....

adrianmmiller avatar Apr 29 '24 09:04 adrianmmiller

Have you updated to version M123? In addition, related problems may not be improved until the M124 version.

At the same time, this issue may also be related to some patches we use, and I need Alex to verify this issue.

@Alex313031

gz83 avatar Apr 29 '24 13:04 gz83

Have you updated to version M123? In addition, related problems may not be improved until the M124 version.

At the same time, this issue may also be related to some patches we use, and I need Alex to verify this issue.

@Alex313031

Just tried latest (M123), no change sorry, and understood, thanks for the follow up

adrianmmiller avatar Apr 29 '24 13:04 adrianmmiller

@gz83 @narinishi @adrianmmiller @eltociear I think this is related to the two DNS patches we use. One is from Ungoogled, the other is from Bromite.

They are always enabled and cannot be disabled except at the source code level. I don't want to remove them, because for the majority of cases, it works fine and hardens security. But what I will do (especially since you guys are not the first to report DNS problems in Thorium), is put them behind a chrome://flags flag. Something like "Disable Thorium DNS Config". This way it can be disabled via GUI.

Alex313031 avatar Apr 29 '24 15:04 Alex313031

@gz83 @narinishi @adrianmmiller @eltociear I think this is related to the two DNS patches we use. One is from Ungoogled, the other is from Bromite.

They are always enabled and cannot be disabled except at the source code level. I don't want to remove them, because for the majority of cases, it works fine and hardens security. But what I will do (especially since you guys are not the first to report DNS problems in Thorium), is put them behind a chrome://flags flag. Something like "Disable Thorium DNS Config". This way it can be disabled via GUI.

Cant ask for a better response than that, cheers

adrianmmiller avatar Apr 29 '24 15:04 adrianmmiller

@gz83 @narinishi @adrianmmiller @eltociear Here we go > https://github.com/Alex313031/thorium/commit/840ec41e774442da669a5a863b5a1bec31523951

Also, @narinishi I added this to the thorium-legacy repo as well, so it will be present in the next builds.

Alex313031 avatar Apr 29 '24 15:04 Alex313031