
Commit 6a7da6f

committed
fix: avoid 403 by matching cipher suites to that of FF
1 parent 2dc6b5f commit 6a7da6f


3 files changed

+34
-4
lines changed


Cargo.lock

Lines changed: 1 addition & 0 deletions

Cargo.toml

Lines changed: 1 addition & 1 deletion
@@ -60,7 +60,7 @@ bincode = "1.3.3"
6060
base2048 = "2.0.2"
6161
revision = "0.10.0"
6262
fake_user_agent = "0.2.2"
63-
63+
rustls = "0.21.12"
6464

6565
[dev-dependencies]
6666
lipsum = "0.9.0"

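--- a/src/client.rs
+++ b/src/client.rs
@@ -5,7 +5,7 @@ use futures_lite::{future::Boxed, FutureExt};
 use hyper::client::HttpConnector;
 use hyper::header::HeaderValue;
 use hyper::{body, body::Buf, header, Body, Client, Method, Request, Response, Uri};
-use hyper_rustls::HttpsConnector;
+use hyper_rustls::{ConfigBuilderExt, HttpsConnector};
 use libflate::gzip;
 use log::{error, trace, warn};
 use percent_encoding::{percent_encode, CONTROLS};
@@ -30,8 +30,37 @@ const REDDIT_SHORT_URL_BASE_HOST: &str = "redd.it";
 const ALTERNATIVE_REDDIT_URL_BASE: &str = "https://www.reddit.com";
 const ALTERNATIVE_REDDIT_URL_BASE_HOST: &str = "www.reddit.com";
 
-pub static HTTPS_CONNECTOR: LazyLock<HttpsConnector<HttpConnector>> =
-LazyLock::new(|| hyper_rustls::HttpsConnectorBuilder::new().with_native_roots().https_only().enable_http2().build());
+pub static HTTPS_CONNECTOR: LazyLock<HttpsConnector<HttpConnector>> = LazyLock::new(|| {
+hyper_rustls::HttpsConnectorBuilder::new()
+.with_tls_config(
+rustls::ClientConfig::builder()
+// These are the Firefox 145.0 cipher suite,
+// minus the suites missing forward-secrecy support,
+// in the same order.
+// https://github.com/redlib-org/redlib/issues/446#issuecomment-3609306592
+.with_cipher_suites(&[
+rustls::cipher_suite::TLS13_AES_256_GCM_SHA384,
+rustls::cipher_suite::TLS13_AES_128_GCM_SHA256,
+rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
+rustls::cipher_suite::TLS13_AES_256_GCM_SHA384,
+rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+rustls::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+])
+// .with_safe_default_cipher_suites()
+.with_safe_default_kx_groups()
+.with_safe_default_protocol_versions()
+.unwrap()
+.with_native_roots()
+.with_no_client_auth(),
+)
+.https_only()
+.enable_http2()
+.build()
+});
 
 pub static CLIENT: LazyLock<Client<HttpsConnector<HttpConnector>>> = LazyLock::new(|| Client::builder().build::<_, Body>(HTTPS_CONNECTOR.clone()));
 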
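Review bot: `rustls::cipher_suite::TLS13_AES_256_GCM_SHA384` appears twice in the `with_cipher_suites` list, as the first entry and again as the fourth, which contradicts the comment that the list follows Firefox's order. The other nine entries look like the intended sequence, so dropping the leading duplicate leaves the TLS 1.3 suites as `TLS13_AES_128_GCM_SHA256`, `TLS13_CHACHA20_POLY1305_SHA256`, `TLS13_AES_256_GCM_SHA384`; with the duplicate in place the preference order differs from the documented one and, presumably, the ClientHello offers the same suite twice. The `.unwrap()` after `with_safe_default_protocol_versions()` panics inside the `LazyLock` initializer without context; `.expect("pinned cipher suites must be compatible with the default TLS versions")` would state the invariant. The commented-out `// .with_safe_default_cipher_suites()` should be deleted, and since the list now overrides rustls's defaults it is worth a comment that it has to be re-checked whenever the pinned `rustls` version changes.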
