Specify TLS 1.2-TLS 1.3 supported range for client connections

neilalexander · neilalexander · commit 69451fe969bf · 2024-12-12T19:07:55.000Z
Should fix #1208.
diff --git a/src/core/link_quic.go b/src/core/link_quic.go
@@ -54,6 +54,8 @@ func (l *linkQUIC) dial(ctx context.Context, url *url.URL, info linkInfo, option
 	tlsconfig := l.tlsconfig.Clone()
 	return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) {
 		tlsconfig.ServerName = hostname
+		tlsconfig.MinVersion = tls.VersionTLS12
+		tlsconfig.MaxVersion = tls.VersionTLS13
 		hostport := net.JoinHostPort(ip.String(), fmt.Sprintf("%d", port))
 		qc, err := quic.DialAddr(ctx, hostport, l.tlsconfig, l.quicconfig)
 		if err != nil {
diff --git a/src/core/link_socks.go b/src/core/link_socks.go
@@ -51,6 +51,8 @@ func (l *linkSOCKS) dial(_ context.Context, url *url.URL, info linkInfo, options
 		}
 		if url.Scheme == "sockstls" {
 			tlsconfig.ServerName = hostname
+			tlsconfig.MinVersion = tls.VersionTLS12
+			tlsconfig.MaxVersion = tls.VersionTLS13
 			if sni := options.tlsSNI; sni != "" {
 				tlsconfig.ServerName = sni
 			}
diff --git a/src/core/link_tls.go b/src/core/link_tls.go
@@ -35,6 +35,8 @@ func (l *linkTLS) dial(ctx context.Context, url *url.URL, info linkInfo, options
 	tlsconfig := l.config.Clone()
 	return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) {
 		tlsconfig.ServerName = hostname
+		tlsconfig.MinVersion = tls.VersionTLS12
+		tlsconfig.MaxVersion = tls.VersionTLS13
 		if sni := options.tlsSNI; sni != "" {
 			tlsconfig.ServerName = sni
 		}
diff --git a/src/core/link_wss.go b/src/core/link_wss.go
@@ -34,6 +34,8 @@ func (l *linkWSS) dial(ctx context.Context, url *url.URL, info linkInfo, options
 	tlsconfig := l.tlsconfig.Clone()
 	return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) {
 		tlsconfig.ServerName = hostname
+		tlsconfig.MinVersion = tls.VersionTLS12
+		tlsconfig.MaxVersion = tls.VersionTLS13
 		u := *url
 		u.Host = net.JoinHostPort(ip.String(), fmt.Sprintf("%d", port))
 		addr := &net.TCPAddr{

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,8 @@ func (l linkSOCKS) dial(_ context.Context, url url.URL, info linkInfo, options`
`51`	`51`	`}`
`52`	`52`	`if url.Scheme == "sockstls" {`
`53`	`53`	`tlsconfig.ServerName = hostname`
	`54`	`+ tlsconfig.MinVersion = tls.VersionTLS12`
	`55`	`+ tlsconfig.MaxVersion = tls.VersionTLS13`
`54`	`56`	`if sni := options.tlsSNI; sni != "" {`
`55`	`57`	`tlsconfig.ServerName = sni`
`56`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,8 @@ func (l linkTLS) dial(ctx context.Context, url url.URL, info linkInfo, options`
`35`	`35`	`tlsconfig := l.config.Clone()`
`36`	`36`	`return l.links.findSuitableIP(url, func(hostname string, ip net.IP, port int) (net.Conn, error) {`
`37`	`37`	`tlsconfig.ServerName = hostname`
	`38`	`+ tlsconfig.MinVersion = tls.VersionTLS12`
	`39`	`+ tlsconfig.MaxVersion = tls.VersionTLS13`
`38`	`40`	`if sni := options.tlsSNI; sni != "" {`
`39`	`41`	`tlsconfig.ServerName = sni`
`40`	`42`	`}`