searxngRebrandZaclys/searx
Markus Heiser 8fa54ffddf [mod] Shuffle httpx's default ciphers of a SSL context randomly.
From the analyse of @9Ninety [1] we know that DDG (and may be other engines / I
have startpage in mind) does some kind of TLS fingerprint to block bots.

This patch shuffles the default ciphers from httpx to avoid a cipher profile
that is known to httpx (and blocked by DDG).

[1] https://github.com/searxng/searxng/issues/2246#issuecomment-1467895556

----

From `What Is TLS Fingerprint and How to Bypass It`_

> When implementing TLS fingerprinting, servers can't operate based on a
> locked-in whitelist database of fingerprints.  New fingerprints appear
> when web clients or TLS libraries release new versions. So, they have to
> live off a blocklist database instead.
> ...
> It's safe to leave the first three as is but shuffle the remaining ciphers
> and you can bypass the TLS fingerprint check.

.. _What Is TLS Fingerprint and How to Bypass It:
   https://www.zenrows.com/blog/what-is-tls-fingerprint#how-to-bypass-tls-fingerprinting

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Closes: https://github.com/searxng/searxng/issues/2246
2023-03-19 13:40:31 +01:00
..
answerers [fix] issue reported by pylint 22.1.0 2022-02-04 09:45:35 +01:00
data Merge pull request #2224 from searxng/update_data_update_currencies.py 2023-03-15 18:36:29 +01:00
engines rollback test 2023-03-15 19:55:20 +01:00
infopage weblate: migration to https://translate.codeberg.org/ 2023-01-21 15:45:12 +00:00
metrics [fix] prepare for pylint 2.14.0 2022-06-03 15:41:52 +02:00
network [mod] Shuffle httpx's default ciphers of a SSL context randomly. 2023-03-19 13:40:31 +01:00
plugins Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
search Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
static Bump grunt from 1.5.3 to 1.6.1 in /searx/static/themes/simple 2023-02-04 08:10:18 +00:00
templates/simple Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
translations [translations] update from Weblate 2023-03-17 07:07:53 +00:00
__init__.py [format.python] initial formatting of the python code 2021-12-27 09:26:22 +01:00
autocomplete.py [mod] make python code pylint 2.16.1 compliant 2023-02-10 13:59:21 +01:00
babel_extract.py [mod] move category and names of constants to searx/searxng.msg 2022-03-16 09:55:53 +01:00
compat.py [fix] pyright repported errors 2022-07-30 18:04:44 +02:00
exceptions.py [doc] Add doc-strings to searx.exceptions 2023-01-29 19:06:19 +01:00
external_bang.py External bang: bug fix: URL encode the query so "!!g 1+1" works as intended 2022-08-27 07:10:26 +00:00
external_urls.py [fix] typos / reported by @kianmeng in searx PR-3366 2022-09-27 18:32:14 +02:00
flaskfix.py [format.python] initial formatting of the python code 2021-12-27 09:26:22 +01:00
languages.py [fix] add back missing languages & regions (followup of PR #1071) 2022-04-22 12:09:42 +02:00
locales.py Bump flask-babel from 2.0.0 to 3.0.0 2023-01-20 09:38:30 +00:00
preferences.py Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
query.py Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
redisdb.py move searx.shared.redisdb to searx.redisdb 2022-12-10 09:26:38 +01:00
redislib.py [mod] redislib - optimize LUA script registration. 2022-05-30 11:21:09 +02:00
results.py [fix] typos / reported by @kianmeng in searx PR-3366 2022-09-27 18:32:14 +02:00
searxng.msg Science category: update the engines 2022-09-23 20:45:58 +02:00
settings_defaults.py Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
settings_loader.py [fix] typos / reported by @kianmeng in searx PR-3366 2022-09-27 18:32:14 +02:00
settings.yml Increase timeout for gentoo wiki engine 2023-02-28 13:54:44 +01:00
unixthreadname.py [format.python] initial formatting of the python code 2021-12-27 09:26:22 +01:00
utils.py [doc] improved docs of implementations for automatic speech recognition 2023-02-19 10:09:52 +00:00
version.py SearXNG version: YYYY.MM.DD without leading zero 2023-01-22 10:45:00 +00:00
webadapter.py Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
webapp.py Add "Auto-detected" as a language. 2023-02-17 15:17:36 +00:00
webutils.py [fix] server side error: escape backslashes in the query highlight_content 2023-03-17 08:46:00 +01:00