I think your program lacks diagnostics capabilities.
verbose mode
if something goes wrong its hard to understand what’s happening
For example, if client cannot go beyond handshake phase it doesnt output anything
Also it would be good to have remote tls cert ignore option
to connect directly to https://ip_address not showing actual domain in the SNI
Thanks for the suggestions.
For SNI removal, you can try this patch. It will only work with the uTLS modes. It would take additional effort to make it work with -utls None (for example).
diff --git a/dnstt-client/utls.go b/dnstt-client/utls.go
index 7a6af56..4f60844 100644
--- a/dnstt-client/utls.go
+++ b/dnstt-client/utls.go
@@ -71,6 +71,11 @@ func utlsDialContext(ctx context.Context, network, addr string, config *utls.Con
return nil, err
}
uconn := utls.UClient(conn, config, *id)
+ err = uconn.RemoveSNIExtension()
+ if err != nil {
+ uconn.Close()
+ return nil, err
+ }
// Manually remove the SNI if it contains an IP address.
// https://github.com/refraction-networking/utls/issues/96
if net.ParseIP(config.ServerName) != nil {