feat: Update utls support.
* client-fingerprint is used to apply Utls for modifying ClientHello, it accepts "chrome","firefox","safari","ios","random" options. * Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
This commit is contained in:
parent
d9d2ea41c0
commit
4d33fb9848
4 changed files with 47 additions and 22 deletions
|
@ -317,7 +317,7 @@ proxies:
|
|||
# udp: true
|
||||
# tls: true
|
||||
# fingerprint: xxxx
|
||||
# client-fingerprint: random # Available: "chrome","firefox","safari","random"
|
||||
# client-fingerprint: chrome # Available: "chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan.
|
||||
# skip-cert-verify: true
|
||||
# servername: example.com # priority over wss host
|
||||
# network: ws
|
||||
|
@ -423,6 +423,7 @@ proxies:
|
|||
server: server
|
||||
port: 443
|
||||
password: yourpsk
|
||||
# client-fingerprint: random # Available: "chrome","firefox","safari","random"
|
||||
# fingerprint: xxxx
|
||||
# udp: true
|
||||
# sni: example.com # aka server name
|
||||
|
|
|
@ -116,15 +116,26 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
|
|||
}
|
||||
}
|
||||
|
||||
if len(t.option.ClientFingerprint) != 0 {
|
||||
utlsConn, valid := vmess.GetUtlsConnWithClientFingerprint(conn, t.option.ClientFingerprint, tlsConfig)
|
||||
if valid {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
|
||||
defer cancel()
|
||||
|
||||
err := utlsConn.(*vmess.UConn).HandshakeContext(ctx)
|
||||
return utlsConn, err
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
tlsConn := tls.Client(conn, tlsConfig)
|
||||
|
||||
// fix tls handshake not timeout
|
||||
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
|
||||
defer cancel()
|
||||
if err := tlsConn.HandshakeContext(ctx); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return tlsConn, nil
|
||||
err := tlsConn.HandshakeContext(ctx)
|
||||
return tlsConn, err
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -148,6 +159,7 @@ func (t *Trojan) StreamWebsocketConn(conn net.Conn, wsOptions *WebsocketOption)
|
|||
Headers: wsOptions.Headers,
|
||||
TLS: true,
|
||||
TLSConfig: tlsConfig,
|
||||
ClientFingerprint: t.option.ClientFingerprint,
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -36,13 +36,8 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
|
|||
}
|
||||
|
||||
if len(cfg.ClientFingerprint) != 0 {
|
||||
if fingerprint, exists := GetFingerprint(cfg.ClientFingerprint); exists {
|
||||
utlsConn := UClient(conn, tlsConfig, &utls.ClientHelloID{
|
||||
Client: fingerprint.Client,
|
||||
Version: fingerprint.Version,
|
||||
Seed: nil,
|
||||
})
|
||||
|
||||
utlsConn, valid := GetUtlsConnWithClientFingerprint(conn, cfg.ClientFingerprint, tlsConfig)
|
||||
if valid {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
|
||||
defer cancel()
|
||||
|
||||
|
@ -50,7 +45,6 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
|
|||
return utlsConn, err
|
||||
}
|
||||
}
|
||||
|
||||
tlsConn := tls.Client(conn, tlsConfig)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
|
||||
|
@ -59,3 +53,18 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
|
|||
err := tlsConn.HandshakeContext(ctx)
|
||||
return tlsConn, err
|
||||
}
|
||||
|
||||
func GetUtlsConnWithClientFingerprint(conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config) (net.Conn, bool) {
|
||||
|
||||
if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
|
||||
utlsConn := UClient(conn, tlsConfig, &utls.ClientHelloID{
|
||||
Client: fingerprint.Client,
|
||||
Version: fingerprint.Version,
|
||||
Seed: nil,
|
||||
})
|
||||
|
||||
return utlsConn, true
|
||||
}
|
||||
|
||||
return nil, false
|
||||
}
|
||||
|
|
|
@ -38,6 +38,7 @@ func RollFingerprint() (*utls.ClientHelloID, bool) {
|
|||
chooser, _ := weightedrand.NewChooser(
|
||||
weightedrand.NewChoice("chrome", 6),
|
||||
weightedrand.NewChoice("safari", 3),
|
||||
weightedrand.NewChoice("ios", 2),
|
||||
weightedrand.NewChoice("firefox", 1),
|
||||
)
|
||||
initClient := chooser.Pick()
|
||||
|
@ -50,6 +51,7 @@ var Fingerprints = map[string]*utls.ClientHelloID{
|
|||
"chrome": &utls.HelloChrome_Auto,
|
||||
"firefox": &utls.HelloFirefox_Auto,
|
||||
"safari": &utls.HelloSafari_Auto,
|
||||
"ios": &utls.HelloIOS_Auto,
|
||||
"randomized": &utls.HelloRandomized,
|
||||
}
|
||||
|
||||
|
@ -64,6 +66,7 @@ func CopyConfig(c *tls.Config) *utls.Config {
|
|||
|
||||
// WebsocketHandshake basically calls UConn.Handshake inside it but it will only send
|
||||
// http/1.1 in its ALPN.
|
||||
// Copy from https://github.com/XTLS/Xray-core/blob/main/transport/internet/tls/tls.go
|
||||
func (c *UConn) WebsocketHandshake() error {
|
||||
// Build the handshake state. This will apply every variable of the TLS of the
|
||||
// fingerprint in the UConn
|
||||
|
|
Loading…
Reference in a new issue