Conversation
- Add okhttp3 preset: TLS 1.2 only, CBC/RSA cipher suites, 9 extensions - Add okhttp5 preset: same TLS as okhttp4, different user-agent - Wire impit's extension_order to rustls's contiguous_extensions for deterministic TLS extension ordering (fixes JA3 hash randomization) - Restrict to TLS 1.2 when fingerprint has supported_versions: false - Point rustls patch to yfe404/rustls fork with extension_order support - Update Node.js and Python bindings with new browser variants
…order feat: OkHttp 3/5 presets + deterministic TLS extension ordering
Cargo.toml
Outdated
| [patch.crates-io] | ||
| h2 = { git = "https://github.com/apify/h2", rev = "7f393a728a8db07cabb1b78d2094772b33943b9a" } | ||
| rustls = { git = "https://github.com/apify/rustls", rev="4823cdb16098938eccf91af1329e9d5b681e3554" } | ||
| rustls = { git = "https://github.com/yfe404/rustls", rev="82b086057357e472ab2d519cff7be1f50b2d83e5" } |
There was a problem hiding this comment.
The changes have been merged to apify/rustls:impit-main, so this can be reverted
There was a problem hiding this comment.
reverted and pointing to the right commit
| .iter() | ||
| .filter_map(|ext| { | ||
| match ext { | ||
| ExtensionType::ServerName => Some(RustlsExtType::ServerName), |
There was a problem hiding this comment.
This is not necessary for now, but perhaps we could unify the enums somehow (use the rustls enum here?), so we don't have this duplicity. wdyt, does it make sense?
There was a problem hiding this comment.
Agreed, the 1:1 mapping seem is redundant. Worth refactoring later imo
impit/src/tls/mod.rs
Outdated
| } else { | ||
| rustls::ClientConfig::builder_with_provider(crypto_provider_arc) | ||
| .with_protocol_versions(&[&rustls::version::TLS12]) |
There was a problem hiding this comment.
I'm wondering whether we could somehow pass the tls13_enabled in here to keep the changes smaller (no big deal if not).
There was a problem hiding this comment.
True, would be cleaner, I add that to the commit below
…lify TLS version branching - Point rustls dependency back to apify/rustls at merged commit - Wire supported_versions through to TlsExtensionsConfig so OkHttp 3's false value flows to rustls for extension suppression - Collapse 3 ClientConfig branches into 2 by extracting protocol_versions
3 participants
Adds profiles for emulating the fingerprints of the OkHTTP library (JVM / Android HTTP client).
Closes #411