Many tools like WebTunnel and V2rayN are using the default golang tls fingerprint. Does this have an impact?
I have observed that many tools do not enable uTLS by default and use Golang's default fingerprint, but these tools are not blocked. Will the Golang fingerprint be used as one of the recognition features?
Most GUI clients set it to chrome, so I don't think so. It was blocked in Turkmenistan in 2022 along with Firefox fingerprint (was used in cloak iirc) for some time, not sure about now.
Just import github.com/refraction-networking/utls.
> Most GUI clients set it to chrome, so I don't think so. It was blocked in Turkmenistan in 2022 along with Firefox fingerprint (was used in cloak iirc) for some time, not sure about now.
It might be an issue with the imported nodes configuration—I’m not sure. But in my local environment, it is indeed using Go’s default fingerprint. What I mean is that since the vast majority of tools are now written in Go, I’m wondering how much share Go’s default fingerprint accounts for in real-world usage, and whether it could potentially be blacklisted in the future.
Here are some references to research about TLS fingerprinting that mention the Go crypto/tls fingerprint. There used to be an online tool at https://tlsfingerprint.io/ that would show how common different TLS fingerprints are, but it looks like it's offline now.
"Blocking-resistant communication through domain fronting" (2015), "Camouflage for the TLS layer" and "Appendix: Sample TLS fingerprints":
Tor itself was blocked by China in 2011 because of the distinctive ciphersuites it used at the time. The first figure in the appendix shows how meek-client’s fingerprint would appear natively; it would be easy to block because not much other software shares the same fingerprint.
"The use of TLS in Censorship Circumvention" (2019), Section V:
Snowflake (built from git master branch on April 17, 2018) generates a fingerprint that is close to, but not exactly the same as the default Golang TLS fingerprint. In particular, it diverges by including the NPN and ALPN extensions, and offers a different set of signature algorithms. As a result, this fingerprint is seen in fewer than 0.0008% of connections, making it susceptible to blocking.
Lantern uses a Golang TLS variant that sends a Session Ticket extension, and doesn’t send the server name extension. This variant does appear in our dataset, however, at a very low rate: approximately 0.0003% of connections, ranked 1867 in terms of popularity.
"Snowflake, a censorship circumvention system using temporary WebRTC proxies" (2024), "Blocking in Iran":
The cause of the rise was extraordinary new network restrictions amid mass protests [3]; the cause of the decline was TLS fingerprint blocking, which stopped Snowflake rendezvous from working. The crypto/tls package of the Go programming language (in which the Snowflake client is written) may produce several slightly different TLS fingerprints, depending on hardware capabilities and how it is compiled. It was one of these fingerprints that was blocked. Because the blocking rule was specific to one fingerprint, only some users were affected. Why would a censor block only one (even if the most common) of several TLS fingerprints? It may have been a simple oversight. On the other hand, it is not certain that this instance of TLS fingerprinting in Iran was meant for Snowflake specifically. Go is a popular language for implementing circumvention systems; Snowflake may have been caught up in blocking that was intended for another system.
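An added example (not code from this thread or from any of the tools mentioned): it captures the ClientHello that Go's crypto/tls emits on the local machine over an in-memory pipe and lists its cipher suites and extension types in wire order, two of the fields that fingerprints such as JA3 are built from. The config values are constructed, and `u16`, `clientHello` and `shape` are names chosen here.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net"
)

func u16(b []byte) int { return int(b[0])<<8 | int(b[1]) } // big-endian uint16

// clientHello returns the ClientHello crypto/tls emits for cfg, via an in-memory pipe.
func clientHello(cfg *tls.Config) ([]byte, error) {
	c, s := net.Pipe()
	defer s.Close()
	go func() { tls.Client(c, cfg).Handshake(); c.Close() }() // fails after the hello
	hdr := make([]byte, 5) // record header: type(1) version(2) length(2)
	if _, err := io.ReadFull(s, hdr); err != nil {
		return nil, err
	}
	body := make([]byte, u16(hdr[3:]))
	_, err := io.ReadFull(s, body)
	return body, err
}

// shape lists a ClientHello's cipher suites and extension types in wire order.
func shape(h []byte) (suites, exts []int, err error) {
	defer func() {
		if recover() != nil { // out-of-range read: truncated or malformed input
			err = fmt.Errorf("malformed ClientHello")
		}
	}()
	p := 4 + 2 + 32    // handshake header, legacy_version, random
	p += 1 + int(h[p]) // session_id
	end := p + 2 + u16(h[p:])
	for p += 2; p < end; p += 2 {
		suites = append(suites, u16(h[p:]))
	}
	p += 1 + int(h[p]) // compression methods
	for e := h[p+2 : p+2+u16(h[p:])]; len(e) > 0; e = e[4+u16(e[2:]):] {
		exts = append(exts, u16(e))
	}
	return suites, exts, nil
}

func main() { // constructed config: stock crypto/tls with ALPN added (extension type 16)
	h, _ := clientHello(&tls.Config{ServerName: "example.com", NextProtos: []string{"h2"}})
	fmt.Println(shape(h))
}
```

Removing `NextProtos` drops extension type 16 from the output while the cipher list stays the same, which is the kind of small divergence from the stock hello that the 2019 paper excerpt describes for Snowflake.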
Xray-core uses uTLS's Chrome fingerprint by default, including DoH queries.
Moreover, REALITY's Golang client implementation is built on uTLS's browser fingerprints, so it cannot use the Golang TLS fingerprint.
In the VLESS share link standard, TLS also defaults to the Chrome fingerprint: https://github.com/XTLS/Xray-core/discussions/716