From 3376860c0f7639890a761634dc0fc662c6af3732 Mon Sep 17 00:00:00 2001 From: Vadim Vetrov Date: Tue, 26 Nov 2024 18:47:29 +0300 Subject: [PATCH] Kyber on firefox --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 9b2dd8d..84d9ae7 100644 --- a/README.md +++ b/README.md @@ -254,6 +254,8 @@ If you have troubles with some sites being proxied, you can play with flags valu If you are on Chromium you may have to disable *kyber* (the feature that makes the TLS *ClientHello* very big). I've got the problem with it on router, so to escape possible errors, so it is better to disable it: in `chrome://flags` search for kyber and switch it to disabled state. Alternatively you may set `--sni-detection=brute` and probably adjust `--sni-domains` flag. +*Kyber* on firefox disables with `security.tls.enable_kyber` in `about:config`. + If your browser is using QUIC it may not work properly. Disable it in Chrome in `chrome://flags` and in Firefox `network.http.http{2,3}.enable(d)` in `about:config` option. It seems like some TSPUs started to block wrongseq packets, so you should play around with faking strategies. I personally recommend to start with `md5sum` faking strategy.