Alexander Bersenev
50cd74051f
add a message if uvloop is found
2019-08-30 16:05:08 +05:00
Alexander Bersenev
1d826866d1
print time skew message as one line
2019-08-26 17:00:34 +05:00
Alexander Bersenev
ff6b826e13
do not output canceled errors to get rid of the scary traceback on the proxy termination
2019-08-26 16:51:48 +05:00
Alexander Bersenev
3315ac1df6
add one more param into the undocumented mode of launch
2019-08-26 16:07:35 +05:00
Alexander Bersenev
4184875405
advise using uvloop instead of the PyPy interpreter. The uvloop gives better speed and memory consumption
v1.0.6
2019-08-25 03:05:45 +05:00
Alexander Bersenev
d34a15bca3
nicer exception printing
2019-08-23 23:55:26 +05:00
Alexander Bersenev
56bfab51d5
nicer exception printing
2019-08-23 23:51:53 +05:00
Alexander Bersenev
4f8b1b16db
modify the workaround
2019-08-23 18:12:53 +05:00
Alexander Bersenev
27f5d249a7
add a workaround against the clients who send zero as their itimestamp
2019-08-23 17:19:03 +05:00
Alexander Bersenev
c51f6f85b8
correct the byte in the initial server hello
2019-08-23 05:24:18 +05:00
Alexander Bersenev
44a52bf958
remove the workaround
2019-08-23 02:19:21 +05:00
Alexander Bersenev
8520a26837
ability to disable replay protection
2019-08-23 01:59:53 +05:00
Alexander Bersenev
068996ab36
fix small typo
2019-08-23 01:45:54 +05:00
Alexander Bersenev
4faa96732f
workaround: the fifth telegram server doesn't answer on IPv6
2019-08-23 01:43:44 +05:00
Alexander Bersenev
bee0b3be6b
cache the ip address of mask host
2019-08-23 01:18:24 +05:00
Alexander Bersenev
09fec8ca99
Merge branch 'master' of github.com:alexbers/mtprotoproxy
2019-08-21 16:15:31 +05:00
Alexander Bersenev
25d76bee09
do not create the copy of cryptography adapter classes
2019-08-21 16:14:48 +05:00
Alexander Bersenev
a680b3e854
Update README.md
2019-08-21 03:06:20 +05:00
Alexander Bersenev
3fe87954a2
Update README.md
2019-08-21 02:50:34 +05:00
Alexander Bersenev
3fb3da139f
Update README.md
2019-08-21 02:05:57 +05:00
Alexander Bersenev
014e450e62
change readme
2019-08-21 02:03:55 +05:00
Alexander Bersenev
04491f8a6a
use hand-made random generator to make randoms more unpredictable
2019-08-20 01:58:19 +05:00
Alexander Bersenev
e081d6b727
generate plausible x25519 public key for server hello also
2019-08-19 21:48:54 +05:00
Alexander Bersenev
ea28a7055a
small readme fixes
2019-08-19 19:16:36 +05:00
Alexander Bersenev
45cb849ca9
change tls status from experimental to new
2019-08-19 18:50:52 +05:00
Alexander Bersenev
e66818326e
generate plausible keys in the key share extension
2019-08-19 17:48:10 +05:00
Alexander Bersenev
4a1bf1ec6a
print warning about default settings on stderr
2019-08-19 04:59:05 +05:00
Alexander Bersenev
854aaa1f24
add flush on print
2019-08-19 04:57:48 +05:00
Alexander Bersenev
5b0ad45cb9
cosmetic fix
2019-08-19 04:56:37 +05:00
Alexander Bersenev
26e00a7409
give some advice about non-secure settings on startup
2019-08-19 04:55:09 +05:00
Alexander Bersenev
ac6d20a897
redesign exception handling logic in handle_bad_client
2019-08-19 04:13:50 +05:00
Alexander Bersenev
06ed40c815
handle unknown ip situation, for example for unix-sockets
2019-08-19 03:44:08 +05:00
Alexander Bersenev
1938c7d3bb
change comment
2019-08-19 03:33:04 +05:00
Alexander Bersenev
01fd1a34c2
be more clear about proxy protocol usage
2019-08-19 03:31:10 +05:00
Alexander Bersenev
1a0977b10e
handle the connection resets
2019-08-19 00:25:54 +05:00
Alexander Bersenev
9dc8521c18
copy the way the mask server closes the tcp connection to the client
2019-08-18 21:59:33 +05:00
Alexander Bersenev
4169e6acab
move the import to the top of the file
2019-08-17 15:20:05 +05:00
Vladislav Grishenko
121a8974de
add unix socket support (#127)
Config option LISTEN_UNIX_SOCK = "/path/to/socket.file" allows listening
on the specified unix socket in addition to (or instead of) configured ip
addresses. Listening on a socket can be useful for connection from local
reverse proxy w/o wasting tcp ports and network subsystem resources just
for inter-process communication.
Default value is empty - socket not used.
2019-08-17 15:11:49 +05:00
Alexander Bersenev
fdf5efe3d2
change max tls record size to make it look like complying https://tools.ietf.org/html/rfc8446#section-5.2 instead of the section 5.1
2019-08-17 14:42:49 +05:00
Alexander Bersenev
015d0a2012
be more tolerant of time skewing. This should cover 90% of cases
2019-08-17 13:21:57 +05:00
Alexander Bersenev
dcad0bd51b
if the client time is skewed, just print a message for a while. Additional analysis needed
2019-08-17 04:48:17 +05:00
Alexander Bersenev
da9e51ed03
better error texts
2019-08-17 02:07:17 +05:00
Alexander Bersenev
59306e6e67
take cert length from the masked host
2019-08-16 20:25:23 +05:00
Alexander Bersenev
7502d1dc31
add one more message about the client time skew
2019-08-16 18:11:50 +05:00
Alexander Bersenev
9df42cda79
time based protection against replay attack
2019-08-16 18:01:20 +05:00
Alexander Bersenev
a65f7a8e17
add one more nonce in the reserved nonces list
2019-08-16 16:45:22 +05:00
Alexander Bersenev
8a4bc77125
make default client handshake timeout random
2019-08-16 16:23:14 +05:00
Alexander Bersenev
294cb65738
rename the function from pseudo tls to the fake tls to make the terminology consistent
2019-08-16 16:15:09 +05:00
Alexander Bersenev
559c577df1
early break if the protocol is not tls
2019-08-16 15:17:07 +05:00
Alexander Bersenev
ccc8c3fb14
read initial tls header byte by byte
2019-08-16 15:07:27 +05:00