| skipped 197 lines |
| 198 | 198 | | tunnel server is acting as a proxy, for example), unless that data has |
| 199 | 199 | | been separately encrypted before being sent through the tunnel. |
| 200 | 200 | | |
| | 201 | + | The dnstt client does not do anything special to disguise its TLS |
| | 202 | + | fingerprint. It uses the crypto/tls package from Go, and its TLS |
| | 203 | + | fingerprint will depend on what version of Go it was compiled with. You |
| | 204 | + | should assume that the DNS tunnel client is identifiable by TLS |
| | 205 | + | fingerprint. A path to hiding the TLS fingerprint would be to integrate |
| | 206 | + | uTLS (https://github.com/refraction-networking/utls). |
| | 207 | + | |
| 201 | 208 | | |
| 202 | 209 | | ## Encryption and authentication |
| 203 | 210 | | |
| skipped 75 lines |
David Fifield
committed
4 years ago
1 parent ad68ec9a