Skip to content

Commit ba98178

Browse files
sigaloidsigaloid
authored
Merge pull request #510 from Silvenga/match-ff-ciphers
Avoid 403 by Changing Ciphers List
2 parents 2dc6b5f + 9e1c096 commit ba98178

File tree

3 files changed

+33
-4
lines changed

3 files changed

+33
-4
lines changed

Cargo.lock

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ bincode = "1.3.3"
6060
base2048 = "2.0.2"
6161
revision = "0.10.0"
6262
fake_user_agent = "0.2.2"
63-
63+
rustls = "0.21.12"
6464

6565
[dev-dependencies]
6666
lipsum = "0.9.0"

src/client.rs

Lines changed: 31 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ use futures_lite::{future::Boxed, FutureExt};
55
use hyper::client::HttpConnector;
66
use hyper::header::HeaderValue;
77
use hyper::{body, body::Buf, header, Body, Client, Method, Request, Response, Uri};
8-
use hyper_rustls::HttpsConnector;
8+
use hyper_rustls::{ConfigBuilderExt, HttpsConnector};
99
use libflate::gzip;
1010
use log::{error, trace, warn};
1111
use percent_encoding::{percent_encode, CONTROLS};
@@ -30,8 +30,36 @@ const REDDIT_SHORT_URL_BASE_HOST: &str = "redd.it";
3030
const ALTERNATIVE_REDDIT_URL_BASE: &str = "https://www.reddit.com";
3131
const ALTERNATIVE_REDDIT_URL_BASE_HOST: &str = "www.reddit.com";
3232

33-
pub static HTTPS_CONNECTOR: LazyLock<HttpsConnector<HttpConnector>> =
34-
LazyLock::new(|| hyper_rustls::HttpsConnectorBuilder::new().with_native_roots().https_only().enable_http2().build());
33+
pub static HTTPS_CONNECTOR: LazyLock<HttpsConnector<HttpConnector>> = LazyLock::new(|| {
34+
hyper_rustls::HttpsConnectorBuilder::new()
35+
.with_tls_config(
36+
rustls::ClientConfig::builder()
37+
// These are the Firefox 145.0 cipher suite,
38+
// minus the suites missing forward-secrecy support,
39+
// in the same order.
40+
// https://github.com/redlib-org/redlib/issues/446#issuecomment-3609306592
41+
.with_cipher_suites(&[
42+
rustls::cipher_suite::TLS13_AES_256_GCM_SHA384,
43+
rustls::cipher_suite::TLS13_AES_128_GCM_SHA256,
44+
rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
45+
rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
46+
rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
47+
rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
48+
rustls::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
49+
rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
50+
rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
51+
])
52+
// .with_safe_default_cipher_suites()
53+
.with_safe_default_kx_groups()
54+
.with_safe_default_protocol_versions()
55+
.unwrap()
56+
.with_native_roots()
57+
.with_no_client_auth(),
58+
)
59+
.https_only()
60+
.enable_http2()
61+
.build()
62+
});
3563

3664
pub static CLIENT: LazyLock<Client<HttpsConnector<HttpConnector>>> = LazyLock::new(|| Client::builder().build::<_, Body>(HTTPS_CONNECTOR.clone()));
3765

0 commit comments

Comments
 (0)