Utls · Utls · CVE-2026-26994
**Name of the Vulnerable Software and Affected Versions**
utls versions prior to 1.7.0
**Description**
utls did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when a utls ClientHello specification was used. A network attacker could therefore downgrade a TLS 1.3 connection to a lower version, such as TLS 1.2, by stripping the `supported_versions` extension from the ClientHello. The server then negotiated TLS 1.2 and replied with a TLS 1.2 ServerHello whose random field carried the downgrade sentinel (the last 8 bytes of ServerHello.random set to the value RFC 8446 defines for a TLS 1.2 downgrade). A conforming TLS 1.3 client must check those 8 bytes and abort with an illegal_parameter alert when it finds either sentinel; because utls did not validate them, the client accepted the downgraded connection without detection. The missing check was also an observable difference from the clients utls imitates, so it allowed utls connections to be fingerprinted.
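The check that was missing, as an added example in Go (this is illustrative code written for this page, not utls's own implementation or its fix): a minimal ServerHello parser, the two RFC 8446 Section 4.1.3 sentinels, and the client-side rule that a TLS 1.3 client receiving a TLS 1.2-or-lower ServerHello must reject either sentinel, while a TLS 1.2 client should reject the second one when offered TLS 1.1 or below. The ServerHello bytes are constructed inline by `buildServerHello` (a sample-input helper, not a real server's message); all function and constant names are assumptions made for the example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	versionTLS11 uint16 = 0x0302
	versionTLS12 uint16 = 0x0303
	versionTLS13 uint16 = 0x0304

	extSupportedVersions uint16 = 43 // RFC 8446 Section 4.2.1
)

// The two downgrade sentinels from RFC 8446 Section 4.1.3. A TLS 1.3 server that
// negotiates a lower version places one of them in the last 8 bytes of ServerHello.random.
var (
	canaryTLS12 = []byte{0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x01} // "DOWNGRD\x01": negotiated TLS 1.2
	canaryTLS11 = []byte{0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x00} // "DOWNGRD\x00": negotiated TLS 1.1 or below
)

// serverHello holds the fields of a parsed ServerHello that the check needs (names are this example's own).
type serverHello struct {
	legacyVersion   uint16
	random          [32]byte
	selectedVersion uint16 // from supported_versions; 0 when the extension is absent
}

// negotiatedVersion follows RFC 8446: supported_versions wins when present,
// otherwise legacy_version is the negotiated version (TLS 1.2 or below).
func (sh *serverHello) negotiatedVersion() uint16 {
	if sh.selectedVersion != 0 {
		return sh.selectedVersion
	}
	return sh.legacyVersion
}

// parseServerHello parses a ServerHello handshake body (everything after the
// 4-byte handshake header) far enough to recover the version and random fields.
func parseServerHello(body []byte) (*serverHello, error) {
	if len(body) < 2+32+1 {
		return nil, errors.New("ServerHello too short")
	}
	sh := &serverHello{legacyVersion: binary.BigEndian.Uint16(body[:2])}
	copy(sh.random[:], body[2:34])
	p := body[34:]
	sidLen := int(p[0])
	p = p[1:]
	if sidLen > 32 || len(p) < sidLen+2+1 {
		return nil, errors.New("bad legacy_session_id_echo or truncated ServerHello")
	}
	p = p[sidLen+2+1:] // skip session id echo, cipher_suite, legacy_compression_method
	if len(p) == 0 {
		return sh, nil // no extensions block: legal for TLS 1.2 and below
	}
	if len(p) < 2 {
		return nil, errors.New("truncated extensions length")
	}
	extLen := int(binary.BigEndian.Uint16(p))
	p = p[2:]
	if extLen != len(p) {
		return nil, errors.New("extensions length mismatch")
	}
	for len(p) > 0 {
		if len(p) < 4 {
			return nil, errors.New("truncated extension header")
		}
		typ := binary.BigEndian.Uint16(p)
		l := int(binary.BigEndian.Uint16(p[2:]))
		p = p[4:]
		if len(p) < l {
			return nil, errors.New("truncated extension body")
		}
		if typ == extSupportedVersions {
			if l != 2 {
				return nil, errors.New("bad supported_versions length in ServerHello")
			}
			sh.selectedVersion = binary.BigEndian.Uint16(p)
		}
		p = p[l:]
	}
	return sh, nil
}

// checkDowngrade is the client-side rule of RFC 8446 Section 4.1.3. clientMax is the
// highest version the client offered. A non-nil error means the client must abort
// the handshake with an illegal_parameter alert instead of accepting the connection.
func checkDowngrade(clientMax uint16, sh *serverHello) error {
	tail := sh.random[24:]
	neg := sh.negotiatedVersion()
	switch {
	case clientMax >= versionTLS13 && neg <= versionTLS12:
		if bytes.Equal(tail, canaryTLS12) || bytes.Equal(tail, canaryTLS11) {
			return fmt.Errorf("downgrade to %#04x detected via ServerHello.random sentinel", neg)
		}
	case clientMax == versionTLS12 && neg <= versionTLS11:
		if bytes.Equal(tail, canaryTLS11) {
			return fmt.Errorf("downgrade to %#04x detected via ServerHello.random sentinel", neg)
		}
	}
	return nil
}

// buildServerHello constructs a minimal ServerHello body as sample input for the demo
// (constructed data, not a captured message). selected == 0 omits supported_versions.
func buildServerHello(legacy uint16, tail []byte, selected uint16) []byte {
	var random [32]byte
	for i := range random {
		random[i] = byte(i) // deterministic filler; a real server uses 32 random bytes
	}
	copy(random[24:], tail)
	b := []byte{byte(legacy >> 8), byte(legacy)}
	b = append(b, random[:]...)
	b = append(b, 0)          // legacy_session_id_echo: empty
	b = append(b, 0xC0, 0x2F) // cipher_suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	b = append(b, 0)          // legacy_compression_method: null
	if selected != 0 {
		ext := []byte{0, 43, 0, 2, byte(selected >> 8), byte(selected)}
		b = append(b, byte(len(ext)>>8), byte(len(ext)))
		b = append(b, ext...)
	}
	return b
}

func main() {
	// A TLS 1.3 server answering a ClientHello whose supported_versions was stripped:
	// legacy_version 0x0303, no supported_versions, TLS 1.2 sentinel in the random tail.
	sh, err := parseServerHello(buildServerHello(versionTLS12, canaryTLS12, 0))
	if err != nil {
		panic(err)
	}
	fmt.Println("TLS 1.3 client:", checkDowngrade(versionTLS13, sh)) // downgrade detected
	fmt.Println("TLS 1.2 client:", checkDowngrade(versionTLS12, sh)) // <nil>: no rule applies
}
```

The vulnerable behaviour described above is simply the absence of `checkDowngrade` in the client's ServerHello processing: the parsed version and random are accepted as-is. Note that the check only fires when the client itself offered TLS 1.3 (or TLS 1.2 for the second sentinel), so a ClientHello specification that genuinely omits TLS 1.3 is not a downgrade and must not be flagged.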
**Recommendations**
Upgrade to version 1.7.0 or later.