Skip to content

Fix Fake-TLS (EE mode) regression with -D domain option #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Fix Fake-TLS (EE mode) regression with -D domain option #26

Copilot wants to merge 2 commits into from

Conversation

Copy link

Copilot AI commented Dec 28, 2025
edited
Loading

Fake-TLS connections stopped working after PR #24 and PR #25. Users confirmed it worked at f9d39fb but broke at 6f20cec.

Changes

  • Revert TLS ClientHello detection pattern: PR Fix Fake-TLS ClientHello detection to support TLS 1.2/1.3 #25 changed the check to incorrectly validate the length byte instead of the TLS minor version

    // Broken: checked length byte (byte 3) instead of minor version (byte 2)
(packet_len & 0xFF) == 0x16 && ((packet_len >> 8) & 0xFF) == 0x03 && (packet_len >> 24) >= 2

// Fixed: correctly matches TLS 1.0 record header \x16\x03\x01
(packet_len & 0xFFFFFF) == 0x010316 && (packet_len >> 24) >= 2

  • Remove unnecessary tag validation: The check rejecting DD mode when allow_only_tls was set is redundant—non-TLS connections are already rejected earlier at line 1251 when allow_only_tls=1

  • Remove debug logging added for troubleshooting

Original prompt

#23 is still not fixed. Also note that comment that things worked at commit f9d39fb and broke at least at 6f20cec

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@dvershinin
Fix Fake-TLS (EE mode) not working with -D option
cc93e53 
This fix reverts the problematic changes from PR #24 and PR #25 that broke
Fake-TLS connections:

1. Revert TLS ClientHello detection to original pattern: The change in PR #25
   incorrectly checked the length byte instead of TLS version, which could
   cause detection failures.

2. Remove the tag validation check that was incorrectly rejecting EE/EF modes:
   - For Fake-TLS connections (C_IS_TLS set), any valid tag should be accepted
   - For non-TLS connections with allow_only_tls=1, connection is rejected earlier
   - This check was unnecessary and was causing EE mode to fail

Fixes #23

Co-authored-by: dvershinin <250071+dvershinin@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix issue 23 regression in MTProxy functionality Fix Fake-TLS (EE mode) regression with -D domain option Dec 28, 2025
Copilot AI requested a review from dvershinin December 28, 2025 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dvershinin dvershinin Awaiting requested review from dvershinin

Assignees

@dvershinin dvershinin

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dvershinin