How to not send TLS_EMPTY_RENEGOTIATION_INFO ? #503
Description
Sending TLS_EMPTY_RENEGOTIATION_INFO is OpenSSL's specific and usually be treated as a bot.
Is there a way to not send it ?
Code:
import tlslite
import socket
from tlslite.integration import *
from tlslite.tlsconnection import TLSConnection
settings = tlslite.HandshakeSettings()
settings.sendFallbackSCSV = False
settings.cipherNames = ["aes128gcm", "chacha20-poly1305", "aes256gcm"]
s = socket.socket()
s.settimeout(100)
s.connect(("tls.peet.ws", 443))
s.settimeout(None)
c = TLSConnection(s)
c.handshakeClientCert(settings=settings)
c.sendall(b'''GET /api/all HTTP/1.1\r\nHost: tls.peet.ws\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/jxl,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\n''')
content = b''
while True:
data = c.recv(4028)
if data == b'':
break
content += data
print(content)
Result:
b'HTTP/1.1 200 OK\r\nContent-Length: 2805\r\nContent-Type: application/json; charset=utf-8\r\nServer: TrackMe\r\n\r\n{\n "ip": "14.177.213.243:60591",\n "http_version": "HTTP/1.1",\n "method": "GET",\n "tls": {\n "ciphers": [\n "TLS_EMPTY_RENEGOTIATION_INFO",\n "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",\n "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",\n "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",\n "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",\n "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",\n "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",\n "TLS_RSA_WITH_AES_256_GCM_SHA384",\n "TLS_RSA_WITH_AES_128_GCM_SHA256"\n ],\n "extensions": [\n {\n "name": "encrypt_then_mac (22)",\n "data": ""\n },\n {\n "name": "extended_master_secret (23)",\n "master_secret_data": "",\n "extended_master_secret_data": ""\n },\n {\n "name": "ec_point_formats (11)",\n "elliptic_curves_point_formats": [\n "0x00"\n ]\n },\n {\n "name": "supported_groups (10)",\n "supported_groups": [\n "X25519 (29)",\n "X448 (30)",\n "P-384 (24)",\n "P-256 (23)",\n "P-521 (25)",\n "ffdhe2048 (256)",\n "ffdhe3072 (257)",\n "ffdhe4096 (258)",\n "ffdhe6144 (259)",\n "ffdhe8192 (260)"\n ]\n },\n {\n "name": "signature_algorithms (13)",\n "signature_algorithms": [\n "rsa_pss_rsae_sha512",\n "rsa_pss_rsae_sha384",\n "rsa_pss_rsae_sha256",\n "rsa_pkcs1_sha512",\n "rsa_pkcs1_sha384",\n "rsa_pkcs1_sha256",\n "0x301",\n "rsa_pkcs1_sha1"\n ]\n },\n {\n "name": "cert_type (9)",\n "data": "0100"\n }\n ],\n "tls_version_record": "771",\n "tls_version_negotiated": "771",\n "ja3": "771,255-52392-49200-49199-52394-159-158-157-156,22-23-11-10-13-9,29-30-24-23-25-256-257-258-259-260,0",\n "ja3_hash": "5f76d72163bd108e030427e44e671465",\n "peetprint": "||29-30-24-23-25-256-257-258-259-260|2054-2053-2052-1537-1281-1025-769-513|0||255-52392-49200-49199-52394-159-158-157-156|10-11-13-22-23-9",\n "peetprint_hash": "57c813e9ab2472fe6389340d26a2d158",\n "client_random": "caa0cbef7f55621cb6d593127eb1399ae9c68c2460cfc9a967da0e947f2d70a7",\n "session_id": ""\n },\n "http1": {\n "headers": [\n "Host: tls.peet.ws",\n "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0",\n "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/jxl,image/webp,*/*;q=0.8",\n "Accept-Language: en-US,en;q=0.5",\n "Accept-Encoding: gzip, deflate, br",\n "Connection: keep-alive",\n "Upgrade-Insecure-Requests: 1",\n "Sec-Fetch-Dest: document",\n "Sec-Fetch-Mode: navigate",\n "Sec-Fetch-Site: none",\n "Sec-Fetch-User: ?1"\n ]\n }\n}\r\n\r\n'