#879 Updated zcrypto dependency to support TLS 1.3

[zohar-qiz]

Updated dependencies and removed deprecated code

dependent on projectdiscovery/utils#721

Closes #879

Summary by CodeRabbit

• Chores

  • Updated dependencies to newer versions for improved stability and compatibility.

• Updates

  • Removed support for legacy cipher suites to enhance security.
  • Adjusted TLS fingerprinting to exclude NextProtoNeg extension.
  • Improved TLS handshake error handling for better reliability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Dependencies updated to newer versions, particularly zmap/zcrypto to support TLS 1.3 analysis. Code adjusted by removing the now-unsupported NextProtoNeg extension from JA3 fingerprinting, six legacy cipher mappings, and updating error handling to use errors.Is() for compatibility with the new dependency versions.

Changes

Cohort / File(s)	Summary
Dependency Management go.mod	Updated zmap/zcrypto and related dependencies to newer versions for TLS 1.3 support; bumped fastdialer, gologger, utils, and indirect modules (hmap, networkpolicy, retryabledns, etc.) across golang.org packages.
JA3 Fingerprint Updates pkg/tlsx/ztls/ja3/ja3.go	Removed NextProtoNeg (extension 13172) inclusion from JA3 and JA3S fingerprint generation in GetJa3Hash() and GetJa3sHash() functions; no longer supported in updated zcrypto dependency.
TLS Configuration & Error Handling pkg/tlsx/ztls/ztls.go, pkg/tlsx/ztls/utils.go	Added new error sentinel ErrCertsOnly in ztls.go with updated error comparison using errors.Is(); removed six legacy cipher mappings (RC2, IDEA, DES variants) from ztlsCiphers map in utils.go.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A hop toward TLS 1.3's light,
NextProtoNeg fades from sight,
Old ciphers gone, zcrypto's new,
The handshake flows both strong and true! 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective of this PR: updating the zcrypto dependency to support TLS 1.3, which is the central focus of issue #879.
Linked Issues check	✅ Passed	The PR successfully addresses all coding requirements from issue #879: updates zcrypto to v0.0.0-20250218123239-97e834cd7132, removes deprecated NextProtoNeg references that were causing compilation errors, and introduces the ErrCertsOnly sentinel to handle API changes.
Out of Scope Changes check	✅ Passed	All changes are directly related to supporting TLS 1.3: dependency updates in go.mod, removal of NextProtoNeg code that doesn't exist in newer zcrypto, removal of unsupported ciphers, and necessary error handling adjustments for the new API.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}