enable tls 1.3 by default #1576

Closed
wongsyrone opened this issue Feb 26, 2019 · 11 comments

@wongsyrone
Contributor

Please follow code in caddyserver/caddy@72d0deb#diff-4a6ec435228114043bb89221e30e51f9R39

@Ariselia
Contributor

The change in the commit history above uses the cipher suites recommended for TLS 1.3; it does not use TLS 1.3.

@Bryan2333

v2ray does not support TLS 1.3 for the time being, but it should be supported soon.

@xiaokangwang
Contributor

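A possible reason TLS 1.3 is not supported by default for now is that too few programs support TLS 1.3 at present; if V2Ray supported it ahead of the others, it might become a fingerprint. (This is only a possibility.)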

@kotori2

kotori2 commented Mar 30, 2019

@xiaokangwang
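That possibility really doesn't hold up. RFC 8446 has been out for half a year, and Chrome and Firefox have supported it (the non-draft version) for a long time; Go 1.12 was released at the end of last month and is already being used for builds; CloudFlare and even Alibaba Cloud's CDN support it. All that's missing now is for apt and the official PPAs to build nginx and apache against the latest OpenSSL by default.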

@xiaokangwang
Contributor

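> @xiaokangwang
> That possibility really doesn't hold up. RFC 8446 has been out for half a year, and Chrome and Firefox have supported it (the non-draft version) for a long time; Go 1.12 was released at the end of last month and is already being used for builds; CloudFlare and even Alibaba Cloud's CDN support it. All that's missing now is for apt and the official PPAs to build nginx and apache against the latest OpenSSL by default.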

Yes, support is getting broader and broader now. The problem I mentioned should gradually disappear.

@kotori2

kotori2 commented Apr 5, 2019 via email

@Platway

Platway commented Apr 5, 2019

Caddy's automatic certificate management is more convenient 😊

@kotori2

kotori2 commented Apr 5, 2019 via email

@Windendless

Windendless commented Apr 23, 2019

Below is a Dockerfile I modified myself; the v2ray it builds supports TLS 1.3 connections. Shared for everyone's reference:

```dockerfile
# Build stage: compile v2ray with Go 1.12 from patched sources.
FROM golang:1.12.0 as builder

# Install build tools and Bazel 0.24.1, fetch the v2ray sources, then patch
# transport/internet/tls/config.go with sed: import "fmt" and "os", prepend
# tls13=1 to GODEBUG at runtime, and add the three TLS 1.3 cipher suite
# constants to config.CipherSuites. The doubled backslash after i/a is there
# so that GNU sed inserts a leading tab. Finally build the linux/amd64 package
# and link the build outputs into /tmp for the next stage.
RUN apt-get update && \
    apt-get install pkg-config zip g++ zlib1g-dev unzip python curl -y && \
    curl -L -o /tmp/bazel-installer-linux-x86_64.sh https://github.com/bazelbuild/bazel/releases/download/0.24.1/bazel-0.24.1-installer-linux-x86_64.sh && \
    chmod +x /tmp/bazel-installer-linux-x86_64.sh && \
    /tmp/bazel-installer-linux-x86_64.sh && \
    go get -u v2ray.com/core/... && \
    cd /go && \
    sed -i '/"time"/i\\t"fmt"' src/v2ray.com/core/transport/internet/tls/config.go && \
    sed -i '/"time"/i\\t"os"' src/v2ray.com/core/transport/internet/tls/config.go && \
    sed -i '/c.AllowInsecureCiphers/i\\tos.Setenv("GODEBUG", fmt.Sprintf("tls13=1,%s", os.Getenv("GODEBUG")))' src/v2ray.com/core/transport/internet/tls/config.go && \
    sed -i '/config.CipherSuites = []uint16/a\\t\t\ttls.TLS_AES_256_GCM_SHA384,' src/v2ray.com/core/transport/internet/tls/config.go && \
    sed -i '/config.CipherSuites = []uint16/a\\t\t\ttls.TLS_AES_128_GCM_SHA256,' src/v2ray.com/core/transport/internet/tls/config.go && \
    sed -i '/config.CipherSuites = []uint16/a\\t\t\ttls.TLS_CHACHA20_POLY1305_SHA256,' src/v2ray.com/core/transport/internet/tls/config.go && \
    cd /go/src/v2ray.com/core && \
    bazel build --action_env=GOPATH=$GOPATH --action_env=PATH=$PATH //release:v2ray_linux_amd64_package && \
    repo=/go/src/v2ray.com/core && \
    tmp=/tmp && \
    cd "${tmp}" && \
    mkdir -p "${tmp}/systemd" && \
    mkdir -p "${tmp}/systemv" && \
    mkdir -p "${tmp}/doc" && \
    ln -sf "${repo}/bazel-out/k8-fastbuild/bin/main/linux/amd64/v2ray" "${tmp}/v2ray" && \
    ln -sf "${repo}/bazel-out/k8-fastbuild/bin/main/linux/amd64/v2ray.sig" "${tmp}/v2ray.sig" && \
    ln -sf "${repo}/bazel-out/k8-fastbuild/bin/infra/control/main/linux/amd64/v2ctl" "${tmp}/v2ctl" && \
    ln -sf "${repo}/bazel-out/k8-fastbuild/bin/infra/control/main/linux/amd64/v2ctl.sig" "${tmp}/v2ctl.sig" && \
    ln -sf "${repo}/release/config/config.json" "${tmp}/config.json" && \
    ln -sf "${repo}/release/config/vpoint_socks_vmess.json" "${tmp}/vpoint_socks_vmess.json" && \
    ln -sf "${repo}/release/config/vpoint_vmess_freedom.json" "${tmp}/vpoint_vmess_freedom.json" && \
    ln -sf "${repo}/release/config/systemd/v2ray.service" "${tmp}/systemd/v2ray.service" && \
    ln -sf "${repo}/release/config/systemv/v2ray" "${tmp}/systemv/v2ray" && \
    ln -sf "${repo}/release/doc/readme.md" "${tmp}/doc/readme.md" && \
    ln -sf "${repo}/release/config/geoip.dat" "${tmp}/geoip.dat" && \
    ln -sf "${repo}/release/config/geosite.dat" "${tmp}/geosite.dat"

# Runtime stage: copy the binaries and data files into a minimal Alpine image.
FROM alpine:latest

COPY --from=builder /tmp/v2ray /usr/bin/
COPY --from=builder /tmp/v2ctl /usr/bin/
COPY --from=builder /tmp/geoip.dat /usr/bin/
COPY --from=builder /tmp/geosite.dat /usr/bin/

# Add CA certificates, create the log directory, and mark the binaries executable.
RUN set -ex && \
    apk --no-cache add ca-certificates && \
    mkdir /var/log/v2ray/ && \
    chmod +x /usr/bin/v2ctl && \
    chmod +x /usr/bin/v2ray && \
    rm -rf /var/cache/apk/* && \
    rm -rf /tmp/*

CMD ["v2ray", "-config=/etc/v2ray/config.json"]
```

@kslr
Contributor

kslr commented Apr 27, 2019

TLS 1.3 is already supported in 4.18.1; anyone with the energy can help test it.
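One way to check which protocol version a Go TLS endpoint really negotiates, as an added example that is not part of this thread or of the V2Ray code base: it runs a loopback handshake and returns the agreed version and cipher suite, which also shows the difference between listing cipher suites and negotiating TLS 1.3 that was raised earlier in the thread. It assumes a current Go toolchain, where TLS 1.3 is on by default; `negotiate`, `serverMax` and `clientMin` are names made up for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// negotiate starts a loopback HTTPS server capped at serverMax, connects with a
// client that refuses anything below clientMin, and returns what was agreed.
// Both parameters are knobs of this example, not V2Ray settings.
func negotiate(serverMax, clientMin uint16) (version, suite uint16, err error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{
		MaxVersion: serverMax,
		// Only consulted for TLS 1.0-1.2; Go does not make TLS 1.3 suites configurable.
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
	}
	srv.StartTLS() // serves httptest's built-in test certificate (sample data, not a real one)
	defer srv.Close()

	client := srv.Client() // trusts only that test certificate
	client.Transport.(*http.Transport).TLSClientConfig.MinVersion = clientMin
	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, 0, err // e.g. the server cannot meet clientMin
	}
	defer resp.Body.Close()
	return resp.TLS.Version, resp.TLS.CipherSuite, nil
}

func main() {
	cases := [][2]uint16{
		{tls.VersionTLS13, tls.VersionTLS12}, // TLS 1.3 available on both sides
		{tls.VersionTLS12, tls.VersionTLS12}, // server capped at TLS 1.2: fallback
		{tls.VersionTLS12, tls.VersionTLS13}, // client insists on TLS 1.3: handshake fails
	}
	for _, c := range cases {
		v, s, err := negotiate(c[0], c[1])
		fmt.Printf("serverMax=0x%04x clientMin=0x%04x -> version=0x%04x suite=%s err=%v\n",
			c[0], c[1], v, tls.CipherSuiteName(s), err)
	}
}
```

Setting `MinVersion` to `tls.VersionTLS13` on the client, as in the third case, turns a silent fallback to TLS 1.2 into a handshake error.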
