Utls
Monthly
uTLS versions 1.6.0 through 1.8.0 fail to properly mimic Chrome's cipher suite selection behavior when using GREASE ECH, randomly choosing ChaCha20 for encrypted client hello while consistently using AES for the outer handshake—a mismatch that does not occur in actual Chrome and creates detectable fingerprints. This inconsistency affects users relying on uTLS for fingerprinting resistance and could enable network observers to distinguish uTLS traffic from legitimate Chrome connections. A patch is available to correct the cipher suite selection logic.
uTLS versions 1.6.7 and below fail to validate TLS 1.3 downgrade protection mechanisms, allowing network attackers to force ClientHello modifications that cause servers to respond with lower TLS versions while bypassing detection checks. An active attacker can exploit this to downgrade encrypted connections to TLS 1.2 or earlier, potentially exposing traffic to known cryptographic weaknesses. Affected users of uTLS, Red Hat, and other TLS implementations should update to patched versions immediately.
uTLS versions 1.6.0 through 1.8.0 fail to properly mimic Chrome's cipher suite selection behavior when using GREASE ECH, randomly choosing ChaCha20 for encrypted client hello while consistently using AES for the outer handshake—a mismatch that does not occur in actual Chrome and creates detectable fingerprints. This inconsistency affects users relying on uTLS for fingerprinting resistance and could enable network observers to distinguish uTLS traffic from legitimate Chrome connections. A patch is available to correct the cipher suite selection logic.
uTLS versions 1.6.7 and below fail to validate TLS 1.3 downgrade protection mechanisms, allowing network attackers to force ClientHello modifications that cause servers to respond with lower TLS versions while bypassing detection checks. An active attacker can exploit this to downgrade encrypted connections to TLS 1.2 or earlier, potentially exposing traffic to known cryptographic weaknesses. Affected users of uTLS, Red Hat, and other TLS implementations should update to patched versions immediately.