forked from zaclys/searxng
8fa54ffddf
From the analyse of @9Ninety [1] we know that DDG (and may be other engines / I have startpage in mind) does some kind of TLS fingerprint to block bots. This patch shuffles the default ciphers from httpx to avoid a cipher profile that is known to httpx (and blocked by DDG). [1] https://github.com/searxng/searxng/issues/2246#issuecomment-1467895556 ---- From `What Is TLS Fingerprint and How to Bypass It`_ > When implementing TLS fingerprinting, servers can't operate based on a > locked-in whitelist database of fingerprints. New fingerprints appear > when web clients or TLS libraries release new versions. So, they have to > live off a blocklist database instead. > ... > It's safe to leave the first three as is but shuffle the remaining ciphers > and you can bypass the TLS fingerprint check. .. _What Is TLS Fingerprint and How to Bypass It: https://www.zenrows.com/blog/what-is-tls-fingerprint#how-to-bypass-tls-fingerprinting Signed-off-by: Markus Heiser <markus.heiser@darmarit.de> Closes: https://github.com/searxng/searxng/issues/2246 |
||
---|---|---|
.. | ||
answerers | ||
data | ||
engines | ||
infopage | ||
metrics | ||
network | ||
plugins | ||
search | ||
static | ||
templates/simple | ||
translations | ||
__init__.py | ||
autocomplete.py | ||
babel_extract.py | ||
compat.py | ||
exceptions.py | ||
external_bang.py | ||
external_urls.py | ||
flaskfix.py | ||
languages.py | ||
locales.py | ||
preferences.py | ||
query.py | ||
redisdb.py | ||
redislib.py | ||
results.py | ||
searxng.msg | ||
settings.yml | ||
settings_defaults.py | ||
settings_loader.py | ||
unixthreadname.py | ||
utils.py | ||
version.py | ||
webadapter.py | ||
webapp.py | ||
webutils.py |