From f4287a770f6198dc67f2d57026a2cb09763ffc3c Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 16 Feb 2026 09:48:15 +0000
Subject: [PATCH] =?UTF-8?q?fix:=20align=20maxUselessRecords=20with=20OpenS?=
 =?UTF-8?q?SL/BoringSSL=20(16=20=E2=86=92=2032)=20to=20mitigate=20TLS=20st?=
 =?UTF-8?q?ack=20fingerprinting?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Go's crypto/tls uses maxUselessRecords=16, while BoringSSL, OpenSSL, and Apple Security Framework all use a threshold of 32. This discrepancy allows active probers to distinguish REALITY servers from real web servers by comparing the ChangeCipherSpec error threshold before and after triggering the fallback. Aligning to 32 eliminates this specific fingerprinting vector while maintaining conservative DoS protection.

Reference: refraction-networking/utls#171 (client-side fix by @RPRX)
---
 common.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.go b/common.go
index 8b19ccf..28f4af0 100644
--- a/common.go
+++ b/common.go
@@ -67,7 +67,7 @@ const (
 recordHeaderLen = 5 // record header length
 maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
 maxHandshakeCertificateMsg = 262144 // maximum certificate message size (256 KiB)
- maxUselessRecords = 16 // maximum number of consecutive non-advancing records
+ maxUselessRecords = 32 // maximum number of consecutive non-advancing records
 )
 
 // TLS record types.
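Review bot: The reason for 32 lives only in the commit message; the trailing comment on the `+` line is still the generic description, so a later sync against upstream Go's crypto/tls (which carries 16) could silently revert the value. Suggest extending the comment to `maxUselessRecords = 32 // maximum number of consecutive non-advancing records; 32 matches OpenSSL/BoringSSL (upstream Go uses 16), keep deliberately`. Whether the externally observable threshold really equals the other stacks' also depends on the comparison in the retry path that increments and checks against this constant, which is outside this hunk; confirm its off-by-one semantics (error on the 32nd versus the 33rd ignored record) against the reference implementations and pin it with a test rather than relying on the constant alone. The enclosing const block starts before the hunk.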