tls

package
v1.8.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 21, 2023 License: MPL-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	Certificate_Usage_name = map[int32]string{
		0: "ENCIPHERMENT",
		1: "AUTHORITY_VERIFY",
		2: "AUTHORITY_ISSUE",
	}
	Certificate_Usage_value = map[string]int32{
		"ENCIPHERMENT":     0,
		"AUTHORITY_VERIFY": 1,
		"AUTHORITY_ISSUE":  2,
	}
)

Enum value maps for Certificate_Usage.

View Source 
var File_transport_internet_tls_config_proto protoreflect.FileDescriptor
View Source 
var ModernFingerprints = map[string]*utls.ClientHelloID{

	"hellofirefox_99":         &utls.HelloFirefox_99,
	"hellofirefox_102":        &utls.HelloFirefox_102,
	"hellofirefox_105":        &utls.HelloFirefox_105,
	"hellochrome_83":          &utls.HelloChrome_83,
	"hellochrome_87":          &utls.HelloChrome_87,
	"hellochrome_96":          &utls.HelloChrome_96,
	"hellochrome_100":         &utls.HelloChrome_100,
	"hellochrome_102":         &utls.HelloChrome_102,
	"hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle,
	"helloios_13":             &utls.HelloIOS_13,
	"helloios_14":             &utls.HelloIOS_14,
	"helloedge_85":            &utls.HelloEdge_85,
	"helloedge_106":           &utls.HelloEdge_106,
	"hellosafari_16_0":        &utls.HelloSafari_16_0,
	"hello360_11_0":           &utls.Hello360_11_0,
	"helloqq_11_1":            &utls.HelloQQ_11_1,
}
View Source 
var OtherFingerprints = map[string]*utls.ClientHelloID{

	"hellogolang":            &utls.HelloGolang,
	"hellorandomized":        &utls.HelloRandomized,
	"hellorandomizedalpn":    &utls.HelloRandomizedALPN,
	"hellorandomizednoalpn":  &utls.HelloRandomizedNoALPN,
	"hellofirefox_auto":      &utls.HelloFirefox_Auto,
	"hellofirefox_55":        &utls.HelloFirefox_55,
	"hellofirefox_56":        &utls.HelloFirefox_56,
	"hellofirefox_63":        &utls.HelloFirefox_63,
	"hellofirefox_65":        &utls.HelloFirefox_65,
	"hellochrome_auto":       &utls.HelloChrome_Auto,
	"hellochrome_58":         &utls.HelloChrome_58,
	"hellochrome_62":         &utls.HelloChrome_62,
	"hellochrome_70":         &utls.HelloChrome_70,
	"hellochrome_72":         &utls.HelloChrome_72,
	"helloios_auto":          &utls.HelloIOS_Auto,
	"helloios_11_1":          &utls.HelloIOS_11_1,
	"helloios_12_1":          &utls.HelloIOS_12_1,
	"helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp,
	"helloedge_auto":         &utls.HelloEdge_Auto,
	"hellosafari_auto":       &utls.HelloSafari_Auto,
	"hello360_auto":          &utls.Hello360_Auto,
	"hello360_7_5":           &utls.Hello360_7_5,
	"helloqq_auto":           &utls.HelloQQ_Auto,
}
View Source 
var PresetFingerprints = map[string]*utls.ClientHelloID{

	"chrome":     &utls.HelloChrome_Auto,
	"firefox":    &utls.HelloFirefox_Auto,
	"safari":     &utls.HelloSafari_Auto,
	"ios":        &utls.HelloIOS_Auto,
	"android":    &utls.HelloAndroid_11_OkHttp,
	"edge":       &utls.HelloEdge_Auto,
	"360":        &utls.Hello360_Auto,
	"qq":         &utls.HelloQQ_Auto,
	"random":     nil,
	"randomized": nil,
}

Functions

func CalculatePEMCertChainSHA256Hash 

func CalculatePEMCertChainSHA256Hash(certContent []byte) string

func Client 

func Client(c net.Conn, config *tls.Config) net.Conn

Client initiates a TLS client handshake on the given connection.

func GenerateCertChainHash 

func GenerateCertChainHash(rawCerts [][]byte) []byte

func GenerateCertPublicKeyHash 

func GenerateCertPublicKeyHash(cert *x509.Certificate) []byte

func GetFingerprint 

func GetFingerprint(name string) (fingerprint *utls.ClientHelloID)

func NewGrpcUtls 

func NewGrpcUtls(c *gotls.Config, fingerprint *utls.ClientHelloID) credentials.TransportCredentials

NewGrpcUtls uses c to construct a TransportCredentials based on uTLS.

func Server 

func Server(c net.Conn, config *tls.Config) net.Conn

Server initiates a TLS server handshake on the given connection.

func UClient 

func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn

Types

type Certificate 

type Certificate struct {

	// TLS certificate in x509 format.
	Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// TLS key in x509 format.
	Key          []byte            `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
	Usage        Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=xray.transport.internet.tls.Certificate_Usage" json:"usage,omitempty"`
	OcspStapling uint64            `protobuf:"varint,4,opt,name=ocsp_stapling,json=ocspStapling,proto3" json:"ocsp_stapling,omitempty"`
	// TLS certificate path
	CertificatePath string `protobuf:"bytes,5,opt,name=certificate_path,json=certificatePath,proto3" json:"certificate_path,omitempty"`
	// TLS Key path
	KeyPath string `protobuf:"bytes,6,opt,name=key_path,json=keyPath,proto3" json:"key_path,omitempty"`
	// If true, one-Time Loading
	OneTimeLoading bool `protobuf:"varint,7,opt,name=One_time_loading,json=OneTimeLoading,proto3" json:"One_time_loading,omitempty"`
	// contains filtered or unexported fields
}

func ParseCertificate 

func ParseCertificate(c *cert.Certificate) *Certificate

ParseCertificate converts a cert.Certificate to Certificate.

func (*Certificate) Descriptor deprecated 

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificate 

func (x *Certificate) GetCertificate() []byte

func (*Certificate) GetCertificatePath 

func (x *Certificate) GetCertificatePath() string

func (*Certificate) GetKey 

func (x *Certificate) GetKey() []byte

func (*Certificate) GetKeyPath 

func (x *Certificate) GetKeyPath() string

func (*Certificate) GetOcspStapling 

func (x *Certificate) GetOcspStapling() uint64

func (*Certificate) GetOneTimeLoading 

func (x *Certificate) GetOneTimeLoading() bool

func (*Certificate) GetUsage 

func (x *Certificate) GetUsage() Certificate_Usage

func (*Certificate) ProtoMessage 

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect 

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset 

func (x *Certificate) Reset()

func (*Certificate) String 

func (x *Certificate) String() string

type Certificate_Usage 

type Certificate_Usage int32
const (
	Certificate_ENCIPHERMENT     Certificate_Usage = 0
	Certificate_AUTHORITY_VERIFY Certificate_Usage = 1
	Certificate_AUTHORITY_ISSUE  Certificate_Usage = 2
)

func (Certificate_Usage) Descriptor 

func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor

func (Certificate_Usage) Enum 

func (x Certificate_Usage) Enum() *Certificate_Usage

func (Certificate_Usage) EnumDescriptor deprecated 

func (Certificate_Usage) EnumDescriptor() ([]byte, []int)

Deprecated: Use Certificate_Usage.Descriptor instead.

func (Certificate_Usage) Number 

func (x Certificate_Usage) Number() protoreflect.EnumNumber

func (Certificate_Usage) String 

func (x Certificate_Usage) String() string

func (Certificate_Usage) Type 

func (Certificate_Usage) Type() protoreflect.EnumType

type Config 

type Config struct {

	// Whether or not to allow self-signed certificates.
	AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
	// List of certificates to be served on server.
	Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"`
	// Override server name.
	ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
	// Lists of string as ALPN values.
	NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"`
	// Whether or not to enable session (ticket) resumption.
	EnableSessionResumption bool `` /* 133-byte string literal not displayed */
	// If true, root certificates on the system will not be loaded for
	// verification.
	DisableSystemRoot bool `protobuf:"varint,6,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"`
	// The minimum TLS version.
	MinVersion string `protobuf:"bytes,7,opt,name=min_version,json=minVersion,proto3" json:"min_version,omitempty"`
	// The maximum TLS version.
	MaxVersion string `protobuf:"bytes,8,opt,name=max_version,json=maxVersion,proto3" json:"max_version,omitempty"`
	// Specify cipher suites, except for TLS 1.3.
	CipherSuites string `protobuf:"bytes,9,opt,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"`
	// Whether the server selects its most preferred ciphersuite.
	PreferServerCipherSuites bool `` /* 139-byte string literal not displayed */
	// TLS Client Hello fingerprint (uTLS).
	Fingerprint      string `protobuf:"bytes,11,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	RejectUnknownSni bool   `protobuf:"varint,12,opt,name=reject_unknown_sni,json=rejectUnknownSni,proto3" json:"reject_unknown_sni,omitempty"`
	// @Document A pinned certificate chain sha256 hash.
	// @Document If the server's hash does not match this value, the connection will be aborted.
	// @Document This value replace allow_insecure.
	// @Critical
	PinnedPeerCertificateChainSha256 [][]byte `` /* 164-byte string literal not displayed */
	// @Document A pinned certificate public key sha256 hash.
	// @Document If the server's public key hash does not match this value, the connection will be aborted.
	// @Document This value replace allow_insecure.
	// @Critical
	PinnedPeerCertificatePublicKeySha256 [][]byte `` /* 178-byte string literal not displayed */
	// contains filtered or unexported fields
}

func ConfigFromStreamSettings 

func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config

ConfigFromStreamSettings fetches Config from stream settings. Nil if not found.

func (*Config) BuildCertificates 

func (c *Config) BuildCertificates() []*tls.Certificate

BuildCertificates builds a list of TLS certificates from proto definition.

func (*Config) Descriptor deprecated 

func (*Config) Descriptor() ([]byte, []int)

Deprecated: Use Config.ProtoReflect.Descriptor instead.

func (*Config) GetAllowInsecure 

func (x *Config) GetAllowInsecure() bool

func (*Config) GetCertificate 

func (x *Config) GetCertificate() []*Certificate

func (*Config) GetCipherSuites 

func (x *Config) GetCipherSuites() string

func (*Config) GetDisableSystemRoot 

func (x *Config) GetDisableSystemRoot() bool

func (*Config) GetEnableSessionResumption 

func (x *Config) GetEnableSessionResumption() bool

func (*Config) GetFingerprint 

func (x *Config) GetFingerprint() string

func (*Config) GetMaxVersion 

func (x *Config) GetMaxVersion() string

func (*Config) GetMinVersion 

func (x *Config) GetMinVersion() string

func (*Config) GetNextProtocol 

func (x *Config) GetNextProtocol() []string

func (*Config) GetPinnedPeerCertificateChainSha256 

func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte

func (*Config) GetPinnedPeerCertificatePublicKeySha256 

func (x *Config) GetPinnedPeerCertificatePublicKeySha256() [][]byte

func (*Config) GetPreferServerCipherSuites 

func (x *Config) GetPreferServerCipherSuites() bool

func (*Config) GetRejectUnknownSni 

func (x *Config) GetRejectUnknownSni() bool

func (*Config) GetServerName 

func (x *Config) GetServerName() string

func (*Config) GetTLSConfig 

func (c *Config) GetTLSConfig(opts ...Option) *tls.Config

GetTLSConfig converts this Config into tls.Config.

func (*Config) ProtoMessage 

func (*Config) ProtoMessage()

func (*Config) ProtoReflect 

func (x *Config) ProtoReflect() protoreflect.Message

func (*Config) Reset 

func (x *Config) Reset()

func (*Config) String 

func (x *Config) String() string

type Conn 

type Conn struct {
	*tls.Conn
}

func (*Conn) HandshakeAddress 

func (c *Conn) HandshakeAddress() net.Address

func (*Conn) NegotiatedProtocol 

func (c *Conn) NegotiatedProtocol() (name string, mutual bool)

func (*Conn) WriteMultiBuffer 

func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error

type Interface 

type Interface interface {
	net.Conn
	Handshake() error
	VerifyHostname(host string) error
	NegotiatedProtocol() (name string, mutual bool)
}

type Option 

type Option func(*tls.Config)

Option for building TLS config.

func WithDestination 

func WithDestination(dest net.Destination) Option

WithDestination sets the server name in TLS config.

func WithNextProto 

func WithNextProto(protocol ...string) Option

WithNextProto sets the ALPN values in TLS config.

type UConn 

type UConn struct {
	*utls.UConn
}

func (*UConn) HandshakeAddress 

func (c *UConn) HandshakeAddress() net.Address

func (*UConn) NegotiatedProtocol 

func (c *UConn) NegotiatedProtocol() (name string, mutual bool)

func (*UConn) WebsocketHandshake 

func (c *UConn) WebsocketHandshake() error

WebsocketHandshake basically calls UConn.Handshake inside it but it will only send http/1.1 in its ALPN.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.