simple-tls

command module

v0.4.0-beta Latest Latest Go to latest Published: Jun 25, 2020 License: GPL-3.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/IrineSistiana/simple-tls

README ¶

simple-tls

Probably the simplest tls plugin.

It can:

Protect and obfuscate your connections with real TLS1.3 (not just obfuscate with some fake headers).
Run as a SIP003 plugin and run on Android platform.
Can send padding data to against traffic analysis. (optional, experimental)

How to build

You will need go v1.14 or later.

$ go build

Usage

    client bind addr               server bind addr
           |                             |
|client|-->|simple-tls client|--TLS1.3-->|simple-tls server|-->|final destination|
                                         |                     |   
                                   client dst addr       server dst addr  

# Common arguments
-b string
    [Host:Port]  bind addr
-d string
    [Host:Port]  destination addr

# Transfer mode (Client and server must have the same mode)
-pd
    If enabled, server will send some padding data to against traffic analysis.

# Client arguments
-n string
    Server certificate name. If blank, it will be the host in -d.
-no-verify
    If enabled, client won't verify the server's certificate chain and host name.
    If enabled, TLS is susceptible to man-in-the-middle attacks. 
-ca string
    Load a CA file from path.
-cca string
    Load a base64 encoded PEM CA certificate from string.

# Server arguments
-s    
    If enabled, simple-tls will run as a server.
-cert string
    PEM certificate file path
-key string
    PEM key file path

# Other geek's arguments
-gen-cert
    [This is a helper function]: generate a ecc certificate.
    The DNSName of this certificate will be [-n].
    It's key will be stored at [-key] and it's cert will be stored at [-cert].
    e.g. -gen-cert -n example.com -key ./example.com.key -cert ./example.com.cert

-cpu int
    The maximum number of CPUs that can be executing simultaneously
-fast-open
    Enable tfo, only available on linux kernel 4.11+
-t int
    Idle timeout in sec (default 300)

Standalone mode

Run as a server:

simple-tls -b 0.0.0.0:1080 -d 127.0.0.1:12345 -s -key /path/to/your/key -cert /path/to/your/cert

Run as a client:

simple-tls -b 127.0.0.1:1080 -d your_server_ip:1080 -n your.server.certificates.dnsname

SIP003 mode

Comply with shadowsocks SIP003 plugin protocol. Accepted key-value pair are same as above. Shadowsocks will automatically set -d and -b parameters, no need to set manually.

Take shadowsocks-libev as an example:

ss-server -c config.json --plugin simple-tls --plugin-opts "s;key=/path/to/your/key;cert=/path/to/your/cert"
ss-local -c config.json --plugin simple-tls --plugin-opts "n=your.server.certificates.dnsname"

Android

simple-tls-android is a plugin for shadowsocks-android. You need to download and install shadowsocks-android first. It's open-source.

More tips

You can start the server without -key and -cert. Server will automatically generate a temporary certificate. In this case, client have to disable verify by using -no-verify.
You can use -gen-cert to quickly generate an ECC certificate, and use -cca or -ca in the client to import its cert as CA.
Under normal circumstances, it is recommended to use -ca to directly load certificate file. -cca is recommended for Android. In Android system it's very inconvenient to transfer and load files.

Documentation ¶

Rendered for

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL