feat(extensions): expose all utls TLS extensions in genMap parrot map #66
Merged
Danny-Dasilva merged 1 commit into main from Apr 28, 2026
Audit of utls 1.8.x parrot map (genMap) revealed three pre-existing gaps
where dedicated utls extension types existed but genMap fell back to
GenericExtension. Replacing them with the proper types lets utls own the
wire encoding (including any future bugfixes) and removes hand-rolled
byte payloads:

- ID 17 (status_request_v2): GenericExtension -> StatusRequestV2Extension
  (proper RFC 6961 encoding instead of zero-length GenericExtension)
- ID 17613 (TLS ALPS new codepoint): GenericExtension -> ApplicationSettingsExtensionNew
  Hand-rolled 5-byte payload {0x00,0x03,0x02,0x68,0x32} replaced by
  SupportedProtocols-driven encoding identical to ID 17513.
- ID 30032 (Channel ID): GenericExtension(Id:0x7550, Data:{0}) ->
  FakeChannelIDExtension{}. Wire format also corrected: real Chrome
  ChannelID is a 4-byte zero-payload extension, the previous
  GenericExtension emitted 5 bytes (length=1).

ID 51 (KeyShare), ID 43 (SupportedVersions), IDs 10/11 (curves/points)
remain populated by callers because they depend on per-call inputs
(version, GREASE flag, JA3 curves). ID 65037 (GREASE_ECH) is already
correctly using utls.BoringGREASEECH(). IDs 22 (encrypt_then_mac) and
49 (post_handshake_auth) intentionally stay as GenericExtension because
utls does not provide dedicated types for them.

go build ./... and go test ./... -short pass.
Summary

Full re-audit (not just version-delta) of utls v1.8.x extension types vs golang/utils.go::genMap() found three pre-existing parrot gaps that were never tied to a recent utls upgrade. Replace GenericExtension fallbacks with the proper utls types so the library owns the wire encoding.

Changes (golang/utils.go::genMap)

| ID | Before | After | Notes |
| --- | --- | --- | --- |
| 17 (status_request_v2) | GenericExtension{Id: 17} | StatusRequestV2Extension{} | v1.5.x. Empty GenericExtension produced an under-spec wire blob. |
| 17613 (TLS ALPS new codepoint, 0x44cd) | GenericExtension{Id:17613, Data:{0x00,0x03,0x02,0x68,0x32}} | ApplicationSettingsExtensionNew{SupportedProtocols:["h2"]} | 17513 mapping that already uses ApplicationSettingsExtension. Hand-rolled byte payload removed. |
| 30032 (Channel ID, 0x7550) | GenericExtension{Id:0x7550, Data:{0}} | FakeChannelIDExtension{} | GenericExtension emitted 5 bytes (length=1, data=0x00) — this is a wire-format bug-fix as well as a parrot upgrade. |

Intentionally unchanged (verified via re-audit)

- 10 (SupportedCurvesExtension), 11 (SupportedPointsExtension), 43 (SupportedVersionsExtension), 51 (KeyShareExtension) — populated by callers (StringToSpec, QUICStringToSpec) because their values depend on per-call inputs (TLS version, JA3 curves list, GREASE flag).
- 22 (encrypt_then_mac) and 49 (post_handshake_auth) — utls does not expose dedicated types for these; GenericExtension is the correct path.
- 65037 (GREASE_ECH, 0xfe0d) — already uses utls.BoringGREASEECH().
- 41 (UtlsPreSharedKeyExtension), 24 (FakeTokenBindingExtension), 28 (FakeRecordSizeLimitExtension), 34 (DelegatedCredentialsExtension), 27 (UtlsCompressCertExtension), 13172 (NPNExtension) — already mapped to proper utls types.

What this enables

status_request_v2, the new ALPS codepoint, or Channel ID. The wire bytes now match what Chrome actually emits.

Test plan

- go build ./... (golang/) — passes.
- go test ./... -short — passes (ok github.com/Danny-Dasilva/CycleTLS/cycletls).
- tls.peet.ws/tools.scrapfly.io to confirm the on-the-wire JA3/JA4 hash for affected fingerprints matches Chrome (recommend running CI live-network suite).
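
The byte counts quoted in this PR can be checked with the standard library alone. The Go sketch below is an added example, not code from CycleTLS or utls; the helper names encodeExtension, encodeProtocolList and extensionSizes are hypothetical, and it assumes the ALPN-style protocol-name list layout, which reproduces the 5-byte payload quoted above for "h2".

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// encodeExtension frames one TLS extension: 2-byte type, 2-byte length, data (under 64 KiB).
func encodeExtension(id uint16, data []byte) []byte {
	out := binary.BigEndian.AppendUint16(nil, id)
	out = binary.BigEndian.AppendUint16(out, uint16(len(data)))
	return append(out, data...)
}

// encodeProtocolList: 2-byte total length, then each name with a 1-byte length prefix.
func encodeProtocolList(protos []string) ([]byte, error) {
	var body []byte
	for _, p := range protos {
		if len(p) == 0 || len(p) > 255 {
			return nil, errors.New("protocol name must be 1..255 bytes")
		}
		body = append(append(body, byte(len(p))), p...)
	}
	return append(binary.BigEndian.AppendUint16(nil, uint16(len(body))), body...), nil
}

// extensionSizes walks concatenated extensions and returns each ID's declared data length.
func extensionSizes(block []byte) (map[uint16]int, error) {
	sizes := map[uint16]int{}
	for len(block) > 0 {
		if len(block) < 4 {
			return nil, errors.New("truncated extension header")
		}
		n := int(binary.BigEndian.Uint16(block[2:4]))
		if len(block) < 4+n {
			return nil, errors.New("truncated extension data")
		}
		sizes[binary.BigEndian.Uint16(block[:2])] = n
		block = block[4+n:]
	}
	return sizes, nil
}

func main() {
	alps, _ := encodeProtocolList([]string{"h2"}) // constructed sample input
	fmt.Printf("ALPS payload: % x\n", alps)
	fmt.Printf("Channel ID Data{0}: % x, empty: % x\n",
		encodeExtension(0x7550, []byte{0}), encodeExtension(0x7550, nil))
}
```

Running extensionSizes over the extension block of a captured ClientHello gives a per-ID length listing that can be compared against a reference capture.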