For YouTube streams, tls 1.2 is used. BraveNewPipe conscrypt.

[Stepman123]

To connect to manifest.googlevideo.com tls 1.2 is always used.
This is a problem for me.

Are there NewPipe configuration files where I could enable tls 1.3?
root is available.

[evermind-zz]

nope. There are no configuration files. You want to connect preferable via 1.3 and if not available 1.2 etc?

[Stepman123]

You want to connect preferable via 1.3 and if not available 1.2 etc?

Yes, this is important in cases when the internet provider blocks YouTube domains. For TLS 1.3 connections, the blocking can be easily overcome with the help of antiDPI tools, but with TLS 1.2, it is difficult to do so.

[evermind-zz]

• Which android version are you using?
• You stated in the issue title you are using the BraveNewPipe Conscrypt apk version. Is that true?

[Stepman123]

• Which android version are you using?
• You stated in the issue title you are using the BraveNewPipe Conscrypt apk version. Is that true?

AOSP 7.1.2
BraveNewPipe_conscrypt_v0.27.2-2.3.0.apk - 14.9 MB - Aug 3
I forgot to mention a specific video. I type "stream" in the search and then try the ones labeled livestream.

[evermind-zz]

I forgot to mention a specific video. I type "stream" in the search and then try the ones labeled livestream.

And what does not work? you can't play those live streams? Do you have any sorts of logs? I looked into it and cannot find a host with manifest in its name.

[Stepman123]

And what does not work? you can't play those live streams? Do you have any sorts of logs? I looked into it and cannot find a host with manifest in its name.

Works through VPN.
I used tcpdump, and then opened the pcap file on my PC with Wireshark.

[evermind-zz]

could you try this version here:
braveNewPipe_TLS1_3.zip

I've only enabled TLS 1.3

[Stepman123]

could you try this version here: braveNewPipe_TLS1_3.zip

I've only enabled TLS 1.3

I can't install it. The installer reports that the application is incompatible.
ARM v7 is used here (not ARM v7a)

[evermind-zz]

The problem is maybe the way you install it or you have not enabled developer settings. This could prevent a debug+signed build to be installed if I recall correctly. Here is the same apk but as release. Hope this one works:
braveNewPipe_TLS1_3-release.zip

[Stepman123]

The problem is maybe the way you install it or you have not enabled developer settings. This could prevent a debug+signed build to be installed if I recall correctly. Here is the same apk but as release. Hope this one works: braveNewPipe_TLS1_3-release.zip

This version is installed, but the video does not play. Constant error "Source error" every 2-3 seconds. In the sniffer, I see that SIN ASK packets are being sent and receive a response, but then the program does not send Client Hello, instead it starts connecting again. This will be repeated several times per second, continuously.

[evermind-zz]

can you upload a pcap file?

[evermind-zz]

I've looked int the file. I have to say I'm not a expert on TCP but as you said there retransmissions of packets. They get resend 300ms 2sec and 4 secs. How does it differ if you use the regular bravenewpipe?

[Stepman123]

I'm not a TCP expert either, but it's not difficult. First, the client sends a packet with the syn flag, the server responds with a packet with the syn ack flags, this means that TCP is ready to work with higher protocols.
Therefore, after receiving syn ack, the client must immediately continue the connection by sending a packet containing the beginning of the TLS handshake (Client Hello). This packet is several hundred bytes in size, in addition, it has SNI - this is a domain name that is transmitted unencrypted. You can see it if you open the Client Hello package.

I wanted to send you another pcap, where the successful connection TLS 1.2 manifest.googlevideo.com and so on, through the VPN adapter, but I did not save your address. However, it doesn’t matter, there’s nothing interesting there anyway.