added --tls-max option support
ameshkov committed Mar 31, 2024
1 parent 1c1070a commit b28234a
Showing 5 changed files with 72 additions and 41 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,8 @@ adheres to [Semantic Versioning][semver].

## [Unreleased]

* Added support for the `--tls-max` argument.

[unreleased]: https://github.com/ameshkov/gocurl/compare/v1.4.1...HEAD

## [1.4.1] - 2024-02-07
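Review bot: The changelog entry for `--tls-max` should also mention that the `--tlsv1.2` / `--tlsv1.3` help text in this commit now reads "or newer", i.e. those flags set the minimum version and `--tls-max` sets the maximum; a one-line note on how the two combine saves users a trip to the README.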
91 changes: 52 additions & 39 deletions README.md
Expand Up @@ -262,61 +262,74 @@ Usage:
gocurl [OPTIONS]
Application Options:
--url=<URL> URL the request will be made to. Can be
specified without any flags.
--url=<URL> URL the request will be made to.
Can be specified without any flags.
-X, --request=<method> HTTP method. GET by default.
-d, --data=<data> Sends the specified data to the HTTP
server using content type
-d, --data=<data> Sends the specified data to the
HTTP server using content type
application/x-www-form-urlencoded.
-H, --header= Extra header to include in the request.
Can be specified multiple times.
-H, --header= Extra header to include in the
request. Can be specified multiple
times.
-x, --proxy=[protocol://username:password@]host[:port] Use the specified proxy. The proxy
string can be specified with a
protocol:// prefix.
--connect-to=<HOST1:PORT1:HOST2:PORT2> For a request to the given HOST1:PORT1
pair, connect to HOST2:PORT2 instead.
Can be specified multiple times.
--connect-to=<HOST1:PORT1:HOST2:PORT2> For a request to the given
HOST1:PORT1 pair, connect to
HOST2:PORT2 instead. Can be
specified multiple times.
-I, --head Fetch the headers only.
-k, --insecure Disables TLS verification of the
connection.
--tlsv1.3 Forces gocurl to use TLS v1.3.
--tlsv1.2 Forces gocurl to use TLS v1.2.
--tlsv1.3 Forces gocurl to use TLS v1.3 or
newer.
--tlsv1.2 Forces gocurl to use TLS v1.2 or
newer.
--tls-max=<VERSION> (TLS) VERSION defines maximum
supported TLS version. Can be 1.2
or 1.3. The minimum acceptable
version is set by tlsv1.2 or
tlsv1.3.
--http1.1 Forces gocurl to use HTTP v1.1.
--http2 Forces gocurl to use HTTP v2.
--http3 Forces gocurl to use HTTP v3.
--ech Enables ECH support for the request.
--ech Enables ECH support for the
request.
--echconfig=<base64-encoded data> ECH configuration to use for this
request. Implicitly enables --ech when
specified.
-4, --ipv4 This option tells gocurl to use IPv4
addresses only when resolving host
names.
-6, --ipv6 This option tells gocurl to use IPv6
addresses only when resolving host
names.
request. Implicitly enables --ech
when specified.
-4, --ipv4 This option tells gocurl to use
IPv4 addresses only when resolving
host names.
-6, --ipv6 This option tells gocurl to use
IPv6 addresses only when resolving
host names.
--dns-servers=<DNSADDR1,DNSADDR2> DNS servers to use when making the
request. Supports encrypted DNS:
tls://, https://, quic://, sdns://
--resolve=<[+]host:port:addr[,addr]...> Provide a custom address for a specific
host. port is ignored by gocurl. '*'
can be used instead of the host name.
Can be specified multiple times.
--tls-split-hello=<CHUNKSIZE:DELAY> An option that allows splitting TLS
ClientHello in two parts in order to
avoid common DPI systems detecting TLS.
CHUNKSIZE is the size of the first
bytes before ClientHello is split,
DELAY is delay in milliseconds before
--resolve=<[+]host:port:addr[,addr]...> Provide a custom address for a
specific host. port is ignored by
gocurl. '*' can be used instead of
the host name. Can be specified
multiple times.
--tls-split-hello=<CHUNKSIZE:DELAY> An option that allows splitting
TLS ClientHello in two parts in
order to avoid common DPI systems
detecting TLS. CHUNKSIZE is the
size of the first bytes before
ClientHello is split, DELAY is
delay in milliseconds before
sending the second part.
--json-output Makes gocurl write machine-readable
output in JSON format.
-o, --output=<file> Defines where to write the received
data. If not set, gocurl will write
everything to stdout.
--experiment=<name[:value]> Allows enabling experimental options.
See the documentation for available
options. Can be specified multiple
times.
--json-output Makes gocurl write
machine-readable output in JSON
format.
-o, --output=<file> Defines where to write the
received data. If not set, gocurl
will write everything to stdout.
--experiment=<name[:value]> Allows enabling experimental
options. See the documentation for
available options. Can be
specified multiple times.
-v, --verbose Verbose output (optional).
Help Options:
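Review bot: The new `--tls-max=<VERSION>` help text says the value "Can be 1.2 or 1.3" but does not say what happens with any other value, nor what happens when the maximum is below the minimum selected by `--tlsv1.3` (e.g. `--tlsv1.3 --tls-max=1.2`); state that such inputs are rejected (and make the parser actually reject them) rather than leaving the behaviour implicit. The leading `(TLS)` category marker is also inconsistent with every other entry in this help output, which carry no such prefix.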
2 changes: 2 additions & 0 deletions internal/client/clientdialer.go
Expand Up @@ -170,6 +170,8 @@ func createTLSConfig(cfg *config.Config, out *output.Output) (tlsConfig *tls.Con
MaxVersion: cfg.TLSMaxVersion,
}

tls.CipherSuites()

if cfg.Insecure {
tlsConfig.InsecureSkipVerify = true
}
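Review bot: The bare `tls.CipherSuites()` statement added after the `tlsConfig` literal discards its return value and has no effect on the config; it looks like leftover debugging and should be removed. Separately, a zero `cfg.TLSMaxVersion` is fine here (crypto/tls treats `MaxVersion: 0` as "default maximum"), but if `MinVersion` ends up greater than `MaxVersion` the failure only surfaces at handshake time as a crypto/tls error; that combination is better rejected when the config is parsed.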
11 changes: 11 additions & 0 deletions internal/config/config.go
Expand Up @@ -137,6 +137,11 @@ func NewExperiment(str string) (e Experiment, err error) {

// ParseConfig parses and validates os.Args and returns the final *Config
// object.
//
// Disable gocyclo for ParseConfig as it's supposed to be a large function with
// if conditions.
//
// nolint:gocyclo
func ParseConfig() (cfg *Config, err error) {
opts, err := parseOptions()
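Review bot: `// nolint:gocyclo` with a space after `//` is treated by golangci-lint as an ordinary comment rather than a directive (its nolintlint check also flags the leading space), so gocyclo will still report `ParseConfig`; write it as `//nolint:gocyclo`. Keeping the human-readable explanation above it in the doc comment is fine.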

Expand Down Expand Up @@ -206,6 +211,12 @@ func ParseConfig() (cfg *Config, err error) {
cfg.TLSMinVersion = tls.VersionTLS13
}

if opts.TLSMax == "1.2" {
cfg.TLSMaxVersion = tls.VersionTLS12
} else if opts.TLSMax == "1.3" {
cfg.TLSMaxVersion = tls.VersionTLS13
}

if opts.TLSSplitHello != "" {
cfg.TLSSplitChunkSize, cfg.TLSSplitDelay, err = parseTLSSplitHello(opts.TLSSplitHello)
if err != nil {
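Review bot: The `if opts.TLSMax == "1.2" { ... } else if opts.TLSMax == "1.3" { ... }` block silently ignores any other value, so `--tls-max=1.1` or a typo such as `--tls-max=tls1.3` leaves `cfg.TLSMaxVersion` at its zero value and the request proceeds with the default maximum, which defeats the purpose of a flag meant to constrain the handshake. Add a final branch that returns an error for a non-empty unrecognised value, e.g. `} else if opts.TLSMax != "" { return nil, fmt.Errorf("unsupported --tls-max value: %q", opts.TLSMax) }` (assuming `fmt` is available in this file), and after both versions are set reject `cfg.TLSMinVersion > cfg.TLSMaxVersion` when `TLSMaxVersion` is non-zero, so `--tlsv1.3 --tls-max=1.2` fails here instead of at handshake time.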
7 changes: 5 additions & 2 deletions internal/config/options.go
Expand Up @@ -39,10 +39,13 @@ type Options struct {
Insecure bool `short:"k" long:"insecure" description:"Disables TLS verification of the connection." optional:"yes" optional-value:"true"`

// TLSv13 forces to use TLS v1.3.
TLSv13 bool `long:"tlsv1.3" description:"Forces gocurl to use TLS v1.3." optional:"yes" optional-value:"true"`
TLSv13 bool `long:"tlsv1.3" description:"Forces gocurl to use TLS v1.3 or newer." optional:"yes" optional-value:"true"`

// TLSv13 forces to use TLS v1.2.
TLSv12 bool `long:"tlsv1.2" description:"Forces gocurl to use TLS v1.2." optional:"yes" optional-value:"true"`
TLSv12 bool `long:"tlsv1.2" description:"Forces gocurl to use TLS v1.2 or newer." optional:"yes" optional-value:"true"`

// TLSMax specifies the maximum supported TLS version.
TLSMax string `long:"tls-max" description:"(TLS) VERSION defines maximum supported TLS version. Can be 1.2 or 1.3. The minimum acceptable version is set by tlsv1.2 or tlsv1.3." value-name:"<VERSION>"`

// HTTPv11 forces to use HTTP v1.1.
HTTPv11 bool `long:"http1.1" description:"Forces gocurl to use HTTP v1.1." optional:"yes" optional-value:"true"`
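Review bot: The comment `// TLSv13 forces to use TLS v1.2.` above the `TLSv12` field is a copy-paste error and should read `// TLSv12 forces to use TLS v1.2 or newer.` (matching the updated description). For the new `TLSMax` field, if these struct tags are parsed by jessevdk/go-flags (an assumption; the tag names here match its conventions), adding `choice:"1.2" choice:"1.3"` would make the parser reject other values and list the accepted ones in the help output, instead of relying on a later check in `ParseConfig`.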