feat: reality add support-x25519mlkem768, it only works with new version server

component/tls/reality.go

@@ -35,6 +35,8 @@ const RealityMaxShortIDLen = 8
 type RealityConfig struct {
 	PublicKey *ecdh.PublicKey
 	ShortID   [RealityMaxShortIDLen]byte
+
+	SupportX25519MLKEM768 bool
 }
 
 func GetRealityConn(ctx context.Context, conn net.Conn, fingerprint UClientHelloID, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
@@ -48,38 +50,36 @@ func GetRealityConn(ctx context.Context, conn net.Conn, fingerprint UClientHello
 			SessionTicketsDisabled: true,
 			VerifyPeerCertificate:  verifier.VerifyPeerCertificate,
 		}
-		clientID := utls.ClientHelloID{
-			Client:  fingerprint.Client,
-			Version: fingerprint.Version,
-			Seed:    fingerprint.Seed,
-		}
-		uConn := utls.UClient(conn, uConfig, clientID)
+
+		uConn := utls.UClient(conn, uConfig, fingerprint)
 		verifier.UConn = uConn
 		err := uConn.BuildHandshakeState()
 		if err != nil {
 			return nil, err
 		}
 
-		// ------for X25519MLKEM768 does not work properly with reality-------
-		// Iterate over extensions and check
-		for _, extension := range uConn.Extensions {
-			if ce, ok := extension.(*utls.SupportedCurvesExtension); ok {
-				ce.Curves = slices.DeleteFunc(ce.Curves, func(curveID utls.CurveID) bool {
-					return curveID == utls.X25519MLKEM768
-				})
+		if !realityConfig.SupportX25519MLKEM768 {
+			// ------for X25519MLKEM768 does not work properly with the old reality server-------
+			// Iterate over extensions and check
+			for _, extension := range uConn.Extensions {
+				if ce, ok := extension.(*utls.SupportedCurvesExtension); ok {
+					ce.Curves = slices.DeleteFunc(ce.Curves, func(curveID utls.CurveID) bool {
+						return curveID == utls.X25519MLKEM768
+					})
+				}
+				if ks, ok := extension.(*utls.KeyShareExtension); ok {
+					ks.KeyShares = slices.DeleteFunc(ks.KeyShares, func(share utls.KeyShare) bool {
+						return share.Group == utls.X25519MLKEM768
+					})
+				}
 			}
-			if ks, ok := extension.(*utls.KeyShareExtension); ok {
-				ks.KeyShares = slices.DeleteFunc(ks.KeyShares, func(share utls.KeyShare) bool {
-					return share.Group == utls.X25519MLKEM768
-				})
+			// Rebuild the client hello
+			err = uConn.BuildHandshakeState()
+			if err != nil {
+				return nil, err
 			}
+			// --------------------------------------------------------------------
 		}
-		// Rebuild the client hello
-		err = uConn.BuildHandshakeState()
-		if err != nil {
-			return nil, err
-		}
-		// --------------------------------------------------------------------
 
 		hello := uConn.HandshakeState.Hello
 		rawSessionID := hello.Raw[39 : 39+32] // the location of session ID
@@ -144,7 +144,7 @@ func GetRealityConn(ctx context.Context, conn net.Conn, fingerprint UClientHello
 		log.Debugln("REALITY Authentication: %v, AEAD: %T", verifier.verified, aeadCipher)
 
 		if !verifier.verified {
-			go realityClientFallback(uConn, uConfig.ServerName, clientID)
+			go realityClientFallback(uConn, uConfig.ServerName, fingerprint)
 			return nil, errors.New("REALITY authentication failed")
 		}