Fingerprinting qtun

[sippejw]

Hi,

I am a researcher working on fingerprinting QUIC connections to identify client implementations. As part of this work, we have been looking at censorship circumvention tools to see if they produce fingerprints that are different from the underlying libraries they use to create QUIC connections. In testing qtun, we found that the fingerprint is different from Quinn due to a misconfiguration of the rustls library as well as a dated ALPN.
While this poses no immediate issue, it is possible that censors could identify and block specific clients based on their fingerprint. Fee free to reach out if you have any questions about mitigating this issue or the project in general.