Documentation ¶
Index ¶
- Variables
- func CalculatePEMCertChainSHA256Hash(certContent []byte) string
- func Client(c net.Conn, config *tls.Config) net.Conn
- func GenerateCertChainHash(rawCerts [][]byte) []byte
- func GenerateCertPublicKeyHash(cert *x509.Certificate) []byte
- func GetFingerprint(name string) (fingerprint *utls.ClientHelloID)
- func NewGrpcUtls(c *gotls.Config, fingerprint *utls.ClientHelloID) credentials.TransportCredentials
- func Server(c net.Conn, config *tls.Config) net.Conn
- func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn
- type Certificate
- func (*Certificate) Descriptor() ([]byte, []int)deprecated
- func (x *Certificate) GetCertificate() []byte
- func (x *Certificate) GetCertificatePath() string
- func (x *Certificate) GetKey() []byte
- func (x *Certificate) GetKeyPath() string
- func (x *Certificate) GetOcspStapling() uint64
- func (x *Certificate) GetOneTimeLoading() bool
- func (x *Certificate) GetUsage() Certificate_Usage
- func (*Certificate) ProtoMessage()
- func (x *Certificate) ProtoReflect() protoreflect.Message
- func (x *Certificate) Reset()
- func (x *Certificate) String() string
- type Certificate_Usage
- func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor
- func (x Certificate_Usage) Enum() *Certificate_Usage
- func (Certificate_Usage) EnumDescriptor() ([]byte, []int)deprecated
- func (x Certificate_Usage) Number() protoreflect.EnumNumber
- func (x Certificate_Usage) String() string
- func (Certificate_Usage) Type() protoreflect.EnumType
- type Config
- func (c *Config) BuildCertificates() []*tls.Certificate
- func (*Config) Descriptor() ([]byte, []int)deprecated
- func (x *Config) GetAllowInsecure() bool
- func (x *Config) GetCertificate() []*Certificate
- func (x *Config) GetCipherSuites() string
- func (x *Config) GetDisableSystemRoot() bool
- func (x *Config) GetEnableSessionResumption() bool
- func (x *Config) GetFingerprint() string
- func (x *Config) GetMasterKeyLog() string
- func (x *Config) GetMaxVersion() string
- func (x *Config) GetMinVersion() string
- func (x *Config) GetNextProtocol() []string
- func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte
- func (x *Config) GetPinnedPeerCertificatePublicKeySha256() [][]byte
- func (x *Config) GetPreferServerCipherSuites() bool
- func (x *Config) GetRejectUnknownSni() bool
- func (x *Config) GetServerName() string
- func (c *Config) GetTLSConfig(opts ...Option) *tls.Config
- func (*Config) ProtoMessage()
- func (x *Config) ProtoReflect() protoreflect.Message
- func (x *Config) Reset()
- func (x *Config) String() string
- type Conn
- type Interface
- type Option
- type UConn
Constants ¶
This section is empty.
Variables ¶
View Source
var ( Certificate_Usage_name = map[int32]string{ 0: "ENCIPHERMENT", 1: "AUTHORITY_VERIFY", 2: "AUTHORITY_ISSUE", } Certificate_Usage_value = map[string]int32{ "ENCIPHERMENT": 0, "AUTHORITY_VERIFY": 1, "AUTHORITY_ISSUE": 2, } )
Enum value maps for Certificate_Usage.
View Source
var File_transport_internet_tls_config_proto protoreflect.FileDescriptor
View Source
var ModernFingerprints = map[string]*utls.ClientHelloID{ "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, "hellofirefox_105": &utls.HelloFirefox_105, "hellochrome_83": &utls.HelloChrome_83, "hellochrome_87": &utls.HelloChrome_87, "hellochrome_96": &utls.HelloChrome_96, "hellochrome_100": &utls.HelloChrome_100, "hellochrome_102": &utls.HelloChrome_102, "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, "helloios_13": &utls.HelloIOS_13, "helloios_14": &utls.HelloIOS_14, "helloedge_85": &utls.HelloEdge_85, "helloedge_106": &utls.HelloEdge_106, "hellosafari_16_0": &utls.HelloSafari_16_0, "hello360_11_0": &utls.Hello360_11_0, "helloqq_11_1": &utls.HelloQQ_11_1, }
View Source
var OtherFingerprints = map[string]*utls.ClientHelloID{ "hellogolang": &utls.HelloGolang, "hellorandomized": &utls.HelloRandomized, "hellorandomizedalpn": &utls.HelloRandomizedALPN, "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, "hellofirefox_auto": &utls.HelloFirefox_Auto, "hellofirefox_55": &utls.HelloFirefox_55, "hellofirefox_56": &utls.HelloFirefox_56, "hellofirefox_63": &utls.HelloFirefox_63, "hellofirefox_65": &utls.HelloFirefox_65, "hellochrome_auto": &utls.HelloChrome_Auto, "hellochrome_58": &utls.HelloChrome_58, "hellochrome_62": &utls.HelloChrome_62, "hellochrome_70": &utls.HelloChrome_70, "hellochrome_72": &utls.HelloChrome_72, "helloios_auto": &utls.HelloIOS_Auto, "helloios_11_1": &utls.HelloIOS_11_1, "helloios_12_1": &utls.HelloIOS_12_1, "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, "helloedge_auto": &utls.HelloEdge_Auto, "hellosafari_auto": &utls.HelloSafari_Auto, "hello360_auto": &utls.Hello360_Auto, "hello360_7_5": &utls.Hello360_7_5, "helloqq_auto": &utls.HelloQQ_Auto, }
View Source
var PresetFingerprints = map[string]*utls.ClientHelloID{ "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, "safari": &utls.HelloSafari_Auto, "ios": &utls.HelloIOS_Auto, "android": &utls.HelloAndroid_11_OkHttp, "edge": &utls.HelloEdge_Auto, "360": &utls.Hello360_Auto, "qq": &utls.HelloQQ_Auto, "random": nil, "randomized": nil, }
Functions ¶
func GenerateCertChainHash ¶
func GenerateCertPublicKeyHash ¶
func GenerateCertPublicKeyHash(cert *x509.Certificate) []byte
func GetFingerprint ¶
func GetFingerprint(name string) (fingerprint *utls.ClientHelloID)
func NewGrpcUtls ¶
func NewGrpcUtls(c *gotls.Config, fingerprint *utls.ClientHelloID) credentials.TransportCredentials
NewGrpcUtls uses c to construct a TransportCredentials based on uTLS.
Types ¶
type Certificate ¶
type Certificate struct { // TLS certificate in x509 format. Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"` // TLS key in x509 format. Key []byte `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` Usage Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=xray.transport.internet.tls.Certificate_Usage" json:"usage,omitempty"` OcspStapling uint64 `protobuf:"varint,4,opt,name=ocsp_stapling,json=ocspStapling,proto3" json:"ocsp_stapling,omitempty"` // TLS certificate path CertificatePath string `protobuf:"bytes,5,opt,name=certificate_path,json=certificatePath,proto3" json:"certificate_path,omitempty"` // TLS Key path KeyPath string `protobuf:"bytes,6,opt,name=key_path,json=keyPath,proto3" json:"key_path,omitempty"` // If true, one-Time Loading OneTimeLoading bool `protobuf:"varint,7,opt,name=One_time_loading,json=OneTimeLoading,proto3" json:"One_time_loading,omitempty"` // contains filtered or unexported fields }
func ParseCertificate ¶
func ParseCertificate(c *cert.Certificate) *Certificate
ParseCertificate converts a cert.Certificate to Certificate.
func (*Certificate) Descriptor
deprecated
func (*Certificate) Descriptor() ([]byte, []int)
Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
func (*Certificate) GetCertificate ¶
func (x *Certificate) GetCertificate() []byte
func (*Certificate) GetCertificatePath ¶
func (x *Certificate) GetCertificatePath() string
func (*Certificate) GetKey ¶
func (x *Certificate) GetKey() []byte
func (*Certificate) GetKeyPath ¶
func (x *Certificate) GetKeyPath() string
func (*Certificate) GetOcspStapling ¶
func (x *Certificate) GetOcspStapling() uint64
func (*Certificate) GetOneTimeLoading ¶
func (x *Certificate) GetOneTimeLoading() bool
func (*Certificate) GetUsage ¶
func (x *Certificate) GetUsage() Certificate_Usage
func (*Certificate) ProtoMessage ¶
func (*Certificate) ProtoMessage()
func (*Certificate) ProtoReflect ¶
func (x *Certificate) ProtoReflect() protoreflect.Message
func (*Certificate) Reset ¶
func (x *Certificate) Reset()
func (*Certificate) String ¶
func (x *Certificate) String() string
type Certificate_Usage ¶
type Certificate_Usage int32
const ( Certificate_ENCIPHERMENT Certificate_Usage = 0 Certificate_AUTHORITY_VERIFY Certificate_Usage = 1 Certificate_AUTHORITY_ISSUE Certificate_Usage = 2 )
func (Certificate_Usage) Descriptor ¶
func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor
func (Certificate_Usage) Enum ¶
func (x Certificate_Usage) Enum() *Certificate_Usage
func (Certificate_Usage) EnumDescriptor
deprecated
func (Certificate_Usage) EnumDescriptor() ([]byte, []int)
Deprecated: Use Certificate_Usage.Descriptor instead.
func (Certificate_Usage) Number ¶
func (x Certificate_Usage) Number() protoreflect.EnumNumber
func (Certificate_Usage) String ¶
func (x Certificate_Usage) String() string
func (Certificate_Usage) Type ¶
func (Certificate_Usage) Type() protoreflect.EnumType
type Config ¶
type Config struct { // Whether or not to allow self-signed certificates. AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"` // List of certificates to be served on server. Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"` // Override server name. ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` // Lists of string as ALPN values. NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"` // Whether or not to enable session (ticket) resumption. EnableSessionResumption bool `` /* 133-byte string literal not displayed */ // If true, root certificates on the system will not be loaded for // verification. DisableSystemRoot bool `protobuf:"varint,6,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"` // The minimum TLS version. MinVersion string `protobuf:"bytes,7,opt,name=min_version,json=minVersion,proto3" json:"min_version,omitempty"` // The maximum TLS version. MaxVersion string `protobuf:"bytes,8,opt,name=max_version,json=maxVersion,proto3" json:"max_version,omitempty"` // Specify cipher suites, except for TLS 1.3. CipherSuites string `protobuf:"bytes,9,opt,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` // Whether the server selects its most preferred ciphersuite. PreferServerCipherSuites bool `` /* 139-byte string literal not displayed */ // TLS Client Hello fingerprint (uTLS). Fingerprint string `protobuf:"bytes,11,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` RejectUnknownSni bool `protobuf:"varint,12,opt,name=reject_unknown_sni,json=rejectUnknownSni,proto3" json:"reject_unknown_sni,omitempty"` // @Document A pinned certificate chain sha256 hash. // @Document If the server's hash does not match this value, the connection will be aborted. // @Document This value replace allow_insecure. // @Critical PinnedPeerCertificateChainSha256 [][]byte `` /* 164-byte string literal not displayed */ // @Document A pinned certificate public key sha256 hash. // @Document If the server's public key hash does not match this value, the connection will be aborted. // @Document This value replace allow_insecure. // @Critical PinnedPeerCertificatePublicKeySha256 [][]byte `` /* 178-byte string literal not displayed */ MasterKeyLog string `protobuf:"bytes,15,opt,name=master_key_log,json=masterKeyLog,proto3" json:"master_key_log,omitempty"` // contains filtered or unexported fields }
func ConfigFromStreamSettings ¶
func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config
ConfigFromStreamSettings fetches Config from stream settings. Nil if not found.
func (*Config) BuildCertificates ¶
func (c *Config) BuildCertificates() []*tls.Certificate
BuildCertificates builds a list of TLS certificates from proto definition.
func (*Config) Descriptor
deprecated
func (*Config) GetAllowInsecure ¶
func (*Config) GetCertificate ¶
func (x *Config) GetCertificate() []*Certificate
func (*Config) GetCipherSuites ¶
func (*Config) GetDisableSystemRoot ¶
func (*Config) GetEnableSessionResumption ¶
func (*Config) GetFingerprint ¶
func (*Config) GetMasterKeyLog ¶
func (*Config) GetMaxVersion ¶
func (*Config) GetMinVersion ¶
func (*Config) GetNextProtocol ¶
func (*Config) GetPinnedPeerCertificateChainSha256 ¶
func (*Config) GetPinnedPeerCertificatePublicKeySha256 ¶
func (*Config) GetPreferServerCipherSuites ¶
func (*Config) GetRejectUnknownSni ¶
func (*Config) GetServerName ¶
func (*Config) GetTLSConfig ¶
GetTLSConfig converts this Config into tls.Config.
func (*Config) ProtoMessage ¶
func (*Config) ProtoMessage()
func (*Config) ProtoReflect ¶
func (x *Config) ProtoReflect() protoreflect.Message
type Conn ¶
func (*Conn) HandshakeAddressContext ¶
func (*Conn) NegotiatedProtocol ¶
func (*Conn) WriteMultiBuffer ¶
func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error
type Option ¶
Option for building TLS config.
func WithDestination ¶
func WithDestination(dest net.Destination) Option
WithDestination sets the server name in TLS config.
func WithNextProto ¶
WithNextProto sets the ALPN values in TLS config.
Click to show internal directories.
Click to hide internal directories.