Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

尝试支持ECH #3253

Closed
wants to merge 1 commit into from
Closed

尝试支持ECH #3253

wants to merge 1 commit into from

Conversation

Fangliding
Copy link
Member

用类似引入ults的方法引入了cftls(CF的fork) 支持了ECH
目前只完成了客户端 可能还需要加命令生成ECH config
目前加进了httpupgrade tls grpc
websocket 似乎强制使用了utls 把握不住还是问问

@Fangliding
Copy link
Member Author

测试了一下 TCP TLS 可以正常连接到singbox的服务端

@yuhan6665
Copy link
Member

感谢佬 我个人意见是 go 那边正在推进 不妨等等 golang/go#63369

@Fangliding Fangliding mentioned this pull request Apr 12, 2024
Closed
@chise0713 chise0713 mentioned this pull request Apr 15, 2024
Merged
@Fangliding
Copy link
Member Author

gotls估计还要大咕特咕一会

@yuhan6665
Copy link
Member

这个 PR 还是相对重一点
先搞 echgenkey 是帮忙朋友项目?

@RPRX
Copy link
Member

RPRX commented Apr 18, 2024

ECH 不能结合 uTLS 的话不太实用,去给 uTLS PR 个 ECH 吧,应该不难

@Fangliding Fangliding mentioned this pull request May 11, 2024
Closed
2 tasks
@RPRX
Copy link
Member

RPRX commented May 14, 2024

所以有时间研究给 uTLS 加 ECH 吗,就是说 ECH 不就是把真实 Client Hello 加个密吗,有客户端配置即加密参数的话很简单吧

@RPRX
Copy link
Member

RPRX commented May 14, 2024

看了下 golang/go#63369 (comment) ,"We're planning on server support in 1.24.",然而对 Xray 来说似乎只需要 client support

@yuhan6665
Copy link
Member

看起来已经写好了就等合并 https://go-review.googlesource.com/c/go/+/578575
reality 的更新工作快来了

@RPRX
Copy link
Member

RPRX commented May 14, 2024

看起来已经写好了就等合并 https://go-review.googlesource.com/c/go/+/578575 reality 的更新工作快来了

希望 Golang GKD,想起了我那两个没下文的 PR

ECH 这个扩展的存在给 XTLS 找了个台阶下,后续 data record 长度不稳又怎么了我就不能是 ECH 吗
对 REALITY 则可有可无,反正只要服务端写有你发的 SNI 就只验证 session id,啊不过服务端只能读到明文的 key_share 来使用

鉴于 Xray 对 ECH 的需求并不紧迫,这个 PR 就先关了,等 Golang 的官方实现

@RPRX RPRX closed this May 14, 2024
@Fangliding
Copy link
Member Author

看起来已经写好了就等合并 https://go-review.googlesource.com/c/go/+/578575 reality 的更新工作快来了

希望 Golang GKD,想起了我那两个没下文的 PR

ECH 这个扩展的存在给 XTLS 找了个台阶下,后续 data record 长度不稳又怎么了我就不能是 ECH 吗 对 REALITY 则可有可无,反正只要服务端写有你发的 SNI 就只验证 session id,啊不过服务端只能读到明文的 key_share 来使用

鉴于 Xray 对 ECH 的需求并不紧迫,这个 PR 就先关了,等 Golang 的官方实现

说道这个 话说缓存 server hello 的想法搞得怎么样了()

@yuhan6665
Copy link
Member

@Fangliding 这一手催更反弹 有点东西

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Fangliding @yuhan6665 @RPRX