7455f76351
* feat: match Go TLS fingerprint for MITM upstream connections Replace rustls with boring2 (BoringSSL) for all MITM→Google upstream connections, configured with Go crypto/tls exact defaults: - Cipher suites: TLS_AES_128_GCM_SHA256 + 14 others in Go order - Curves: X25519, P-256, P-384 - Signature algorithms: ECDSA+SHA256, RSA-PSS+SHA256, etc. - HTTP/2 SETTINGS: 4MB stream window, 1GB connection window, 10MB header list, no adaptive windowing Local TLS (LS→MITM) still uses rustls for CA cert presentation. boring2/tokio-boring2 were already compiled as transitive deps from wreq — no new build time added. * chore: fmt + update README TLS description
1.4 KiB
1.4 KiB