Remove Chrome fingerprints from the default uTLS distribution.
In testing with uTLS v1.0.0, go1.15.15, -doh and -dot, and dns.google
and 1.1.1.1, there is no Chrome fingerprint that works on all of them. I
did not investigate what exactly is going wrong. The error message
generally is "remote error: tls: unexpected message".
-doh dns.google -dot dns.google -doh 1.1.1.1 -dot 1.1.1.1
Firefox_55 ok ok ok ok
Firefox_56 ok ok ok ok
Firefox_63 ok ok ok ok
Firefox_65 ok ok ok ok
Chrome_58 ERROR ERROR ok ok
Chrome_62 ERROR ERROR ok ok
Chrome_70 ERROR ERROR ERROR ok
Chrome_72 ok ok ERROR ok
Chrome_83 ok ok ERROR ok
iOS_11_1 ok ok ok ok
iOS_12_1 ok ok ok ok
This is a script I used for testing fingerprints:
FPS="none Firefox_55 Firefox_56 Firefox_63 Firefox_65 Chrome_58 Chrome_62 Chrome_70 Chrome_72 Chrome_83 iOS_11_1 iOS_12_1"
sudo -v; \
for HOST in dns.google 1.1.1.1; do \
for UTLS in $FPS; do \
ID="doh-utls-$HOST-$UTLS"; \
sudo tcpdump -n -U -w "$ID.pcap" & \
timeout 2 ./dnstt-client -doh https://"$HOST"/dns-query -utls "$UTLS" -pubkey-file "$PUBKEY" "$DOMAIN" 127.0.0.1:7000; \
sudo kill $!; \
tshark -n -V -Y ssl.handshake.ciphersuites -r "$ID.pcap" | sed -n -e '/^Transport Layer Security/,/^$/p' > "$ID.txt"; \
ID="dot-utls-$HOST-$UTLS"; \
sudo tcpdump -n -U -w "$ID.pcap" & \
timeout 2 ./dnstt-client -dot "$HOST":853 -utls "$UTLS" -pubkey-file "$PUBKEY" "$DOMAIN" 127.0.0.1:7000; \
sudo kill $!; \
tshark -n -V -Y ssl.handshake.ciphersuites -r "$ID.pcap" | sed -n -e '/^Transport Layer Security/,/^$/p' > "$ID.txt"; \
done; \
done