fix: fix tls versions for non-ech connections

mingyech · mingyech · commit f1c485fe02db · 2025-04-20T16:47:56.000-06:00
diff --git a/u_conn.go b/u_conn.go
@@ -576,7 +576,6 @@ func (uconn *UConn) MarshalClientHello() error {
 		inner.supportedSignatureAlgorithms = uconn.HandshakeState.Hello.SupportedSignatureAlgorithms
 		inner.sessionId = uconn.HandshakeState.Hello.SessionId
 		inner.supportedCurves = uconn.HandshakeState.Hello.SupportedCurves
-		inner.supportedVersions = []uint16{VersionTLS13} // hardcode tls 1.3 as it is the only supported version currently
 
 		ech.innerHello = inner
 
@@ -588,14 +587,12 @@ func (uconn *UConn) MarshalClientHello() error {
 			return fmt.Errorf("sni extension missing while attempting ECH")
 		}
 
-		oldSNI := uconn.Extensions[sniExtIdex]
 		uconn.Extensions[sniExtIdex] = &SNIExtension{
 			ServerName: string(ech.config.PublicName),
 		}
 
 		uconn.computeAndUpdateOuterECHExtension(inner, ech, true)
 
-		uconn.Extensions[sniExtIdex] = oldSNI
 		uconn.echCtx = ech
 		return nil
 	}
@@ -761,6 +758,10 @@ func (uconn *UConn) SetTLSVers(minTLSVers, maxTLSVers uint16, specExtensions []T
 	}
 
 	uconn.HandshakeState.Hello.SupportedVersions = makeSupportedVersions(minTLSVers, maxTLSVers)
+	if uconn.config.EncryptedClientHelloConfigList == nil {
+		uconn.config.MinVersion = minTLSVers
+		uconn.config.MaxVersion = maxTLSVers
+	}
 
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -576,7 +576,6 @@ func (uconn *UConn) MarshalClientHello() error {`
`576`	`576`	`inner.supportedSignatureAlgorithms = uconn.HandshakeState.Hello.SupportedSignatureAlgorithms`
`577`	`577`	`inner.sessionId = uconn.HandshakeState.Hello.SessionId`
`578`	`578`	`inner.supportedCurves = uconn.HandshakeState.Hello.SupportedCurves`
`579`		`- inner.supportedVersions = []uint16{VersionTLS13} // hardcode tls 1.3 as it is the only supported version currently`
`580`	`579`
`581`	`580`	`ech.innerHello = inner`
`582`	`581`
`@@ -588,14 +587,12 @@ func (uconn *UConn) MarshalClientHello() error {`
`588`	`587`	`return fmt.Errorf("sni extension missing while attempting ECH")`
`589`	`588`	`}`
`590`	`589`
`591`		`- oldSNI := uconn.Extensions[sniExtIdex]`
`592`	`590`	`uconn.Extensions[sniExtIdex] = &SNIExtension{`
`593`	`591`	`ServerName: string(ech.config.PublicName),`
`594`	`592`	`}`
`595`	`593`
`596`	`594`	`uconn.computeAndUpdateOuterECHExtension(inner, ech, true)`
`597`	`595`
`598`		`- uconn.Extensions[sniExtIdex] = oldSNI`
`599`	`596`	`uconn.echCtx = ech`
`600`	`597`	`return nil`
`601`	`598`	`}`
`@@ -761,6 +758,10 @@ func (uconn *UConn) SetTLSVers(minTLSVers, maxTLSVers uint16, specExtensions []T`
`761`	`758`	`}`
`762`	`759`
`763`	`760`	`uconn.HandshakeState.Hello.SupportedVersions = makeSupportedVersions(minTLSVers, maxTLSVers)`
	`761`	`+ if uconn.config.EncryptedClientHelloConfigList == nil {`
	`762`	`+ uconn.config.MinVersion = minTLSVers`
	`763`	`+ uconn.config.MaxVersion = maxTLSVers`
	`764`	`+ }`
`764`	`765`
`765`	`766`	`return nil`
`766`	`767`	`}`