If we get a TLS handshake error, recommend using the default suite
This commit is contained in:
parent
6d2330eaf0
commit
19db1a1560
|
@ -270,6 +270,9 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
|
||||||
if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
|
if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
|
||||||
useGet = true
|
useGet = true
|
||||||
if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
|
if _, _, err := proxy.xTransport.DoHQuery(useGet, url, body, proxy.timeout); err != nil {
|
||||||
|
if proxy.xTransport.tlsCipherSuite != nil && strings.Contains(err.Error(), "handshake failure") {
|
||||||
|
dlog.Warnf("TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file")
|
||||||
|
}
|
||||||
return ServerInfo{}, err
|
return ServerInfo{}, err
|
||||||
}
|
}
|
||||||
dlog.Debugf("Server [%s] doesn't appear to support POST; falling back to GET requests", name)
|
dlog.Debugf("Server [%s] doesn't appear to support POST; falling back to GET requests", name)
|
||||||
|
@ -282,6 +285,7 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
|
||||||
if tls == nil || !tls.HandshakeComplete {
|
if tls == nil || !tls.HandshakeComplete {
|
||||||
return ServerInfo{}, errors.New("TLS handshake failed")
|
return ServerInfo{}, errors.New("TLS handshake failed")
|
||||||
}
|
}
|
||||||
|
dlog.Infof("[%s] TLS version: %x - Protocol: %v - Cipher suite: %v", name, tls.Version, tls.NegotiatedProtocol, tls.CipherSuite)
|
||||||
showCerts := len(os.Getenv("SHOW_CERTS")) > 0
|
showCerts := len(os.Getenv("SHOW_CERTS")) > 0
|
||||||
found := false
|
found := false
|
||||||
var wantedHash [32]byte
|
var wantedHash [32]byte
|
||||||
|
|
Loading…
Reference in New Issue