mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 14:38:35 +00:00

Commit Graph

  • de3bb4d08f Update readme main yuhan6665 2025-07-27 18:37:21 -0400
  • 5b52a03d4f Fix sending Server Hello in an unexpected way for fixing edge cases RPRX 2025-07-25 14:20:56 +0000
  • c6320729d9 README.md: Add REALITY NFT's image & link RPRX 2025-07-23 12:10:14 +0000
  • 00881f6740 README.md: Add "mldsa65Seed" and "mldsa65Verify" to example RPRX 2025-07-23 02:23:38 +0000
  • 4eaf7927f3 REALITY protocol: Add optional Post-Quantum ML-DSA-65 signature to cert's ExtraExtensions RPRX 2025-07-22 04:56:54 +0000
  • ebbbf46ec3 REALITY protocol: Use X25519MLKEM768's data if X25519 doesn't exist in Client Hello RPRX 2025-07-22 04:56:14 +0000
  • 4f8fcee58e crypto/tls: empty server_name conf. ext. from server When a TLS server uses the information from the server_name extension in a client hello, and the connection isn't resuming, it should return an empty server_name extension in its server hello (or encrypted extensions for TLS 1.3). update yuhan6665 2025-07-20 22:28:29 -0400
  • 722d440e19 crypto/tls: ensure the ECDSA curve matches the signature algorithm Change-Id: I6a6a4656c1b47ba6bd652d4da18922cb6b80a8ab Reviewed-on: https://go-review.googlesource.com/c/go/+/675836 Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> TryBot-Bypass: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> yuhan6665 2025-07-20 22:23:40 -0400
  • 4a4e2b7bb3 crypto/tls: enable signature algorithm BoGo tests (and fix two bugs) The two bugs are very minor: yuhan6665 2025-07-20 22:16:23 -0400
  • bd37578703 Update dependencies yuhan6665 2025-07-20 22:32:01 -0400
  • 69793c8640 REALITY protocol: Add optional Post-Quantum ML-DSA-65 signature to cert's ExtraExtensions RPRX 2025-07-21 01:51:33 +0000
  • 69a94c6c1d REALITY protocol: Use X25519MLKEM768's data if X25519 doesn't exist in Client Hello RPRX 2025-07-21 01:50:19 +0000
  • 05a351a645 Three types of ALPN for post-handshake records detection & imitation RPRX 2025-07-15 05:57:25 +0000
  • 5eeac447fe Delay and detect H2 settings frame delay yuhan6665 2025-07-13 21:13:17 -0400
  • 7e74211727 Add more fingerprints identification fingerprint-probe yuhan6665 2025-07-01 22:45:46 -0400
  • 6219e43643 Simple method for IdentifyModernFingerprint yuhan6665 2025-06-28 23:23:49 -0400
  • e62c4aed0d Refactor post-handshake records detection & imitation again RPRX 2025-06-27 14:14:58 +0000
  • dc28cce21c Fix missing config.Show check before printing len(postHandshakeRecord) (#18) wyx2685 2025-06-27 19:39:29 +0800
  • 035d0975b5 Allow parallel PostHandshakeRecordsLens detection 风扇滑翔翼 2025-06-26 19:18:40 +0000
  • 49f5025763 Record packet length with time yuhan6665 2025-06-22 23:59:42 -0400
  • 58ea65fd17 fix: add check for existing sni. (I guess if fingerprint and sni already exist then all sni already processed) jesus 2025-06-17 18:03:10 +0400
  • f95e393ceb refactor: add fast exit from DetectPostHandshakeRecordsLens if fingerprint already exists in GlobalPostHandshakeRecordsLens. jesus 2025-06-16 21:41:30 +0400
  • 6833ba5445 Fix a bug when multiple inbounds defined with same sni yuhan6665 2025-06-15 17:11:51 -0400
  • f13edcc98b Fix hanging issue for some randomized fingerprints yuhan6665 2025-06-15 00:30:40 -0400
  • 448c984cf3 Fix missing config.Show check wyx2685 2025-06-10 08:06:45 +0000
  • 0d942695e3 Fix bug yuhan6665 2025-06-09 10:21:50 -0400
  • cb47a5839c Add probe for all modern fingerprint yuhan6665 2025-06-08 17:17:34 -0400
  • 50752aec6b Some small changes RPRX 2025-06-08 13:21:14 +0000
  • 4fd34dd4eb feat: Add rate limiting to fallback handling via token bucket (#12) Meow 2025-06-08 21:11:45 +0800
  • 57855d234c Update README.en.md RPRX 2025-06-08 12:52:15 +0000
  • d4826882fc Update tls.go RPRX 2025-06-08 12:26:07 +0000
  • 8257b211ae Update README.md RPRX 2025-06-08 12:18:49 +0000
  • 88743262d3 Update README.md RPRX 2025-06-08 12:14:18 +0000
  • 423529f911 Update common.go RPRX 2025-06-08 12:05:51 +0000
  • b3dfe09a07 Update tls.go RPRX 2025-06-08 12:02:51 +0000
  • 931974b633 0 Meo597 2025-06-08 19:57:06 +0800
  • d405a94c95 readme Meo597 2025-06-08 19:48:50 +0800
  • fad0d8da96 conn Meo597 2025-06-08 19:44:26 +0800
  • b1225047c7 readme Meo597 2025-06-08 19:39:26 +0800
  • fda134e780 ok Meo597 2025-06-08 19:37:22 +0800
  • 39d54e1d67 refactor Meo597 2025-06-08 19:30:25 +0800
  • 82f8367c40 read Meo597 2025-06-08 18:58:39 +0800
  • 8a58ed1c1a uint64 Meo597 2025-06-08 18:28:17 +0800
  • d7bec4a74f int64 Meo597 2025-06-08 18:10:49 +0800
  • 766b7c6936 compare Meo597 2025-06-08 18:09:22 +0800
  • 1eecf21a00 order Meo597 2025-06-08 17:57:55 +0800
  • 021948a552 write Meo597 2025-06-08 17:54:39 +0800
  • 377d9dc095 New config file style Meo597 2025-06-08 17:20:51 +0800
  • 4b636d90bd Update README: New config file style Meo597 2025-06-08 14:57:53 +0800
  • e195acb047 Replace Limit to LimitFb Meo597 2025-06-08 14:40:53 +0800
  • 5ccbfeb2d4 Fix the misspelling of burst Meo597 2025-06-08 13:46:15 +0800
  • 1b088adc09 ratelimit: limit after Meo597 2025-03-27 04:52:55 +0800
  • 6810f8a623 feat: Add rate limiting to fallback handling via token bucket Meo597 2025-03-26 08:39:11 +0800
  • 90e738a94c Refine GlobalPostHandshakeRecordsLens' locker RPRX 2025-06-07 10:56:25 +0000
  • 88910695ec Use Chrome's fingerprint to trigger target's post-handshake records RPRX 2025-06-07 08:21:47 +0000
  • 21af070492 Refactor post-handshake records detection & imitation RPRX 2025-06-06 06:46:02 +0000
  • 967adadcc7 Add post-handshake records detection (#17) 风扇滑翔翼 2025-06-06 09:44:11 +0800
  • f953a50042 Handle handshake err 风扇滑翔翼 2025-06-04 16:02:09 +0000
  • 7c1cc2cde4 Add record detect 风扇滑翔翼 2025-06-04 15:52:12 +0000
  • e679ef7bb1 crypto/tls: signature_algorithms in CertificateRequest can't be empty Change-Id: I6a6a4656ab97e1f247df35b2589cd73461b4ac76 Reviewed-on: https://go-review.googlesource.com/c/go/+/675917 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> yuhan6665 2025-05-25 16:05:54 -0400
  • c169f1395b crypto/tls: reject duplicate TLS 1.3 EncryptedExtensions When a TLS 1.3 client processes the server's encryptedExtensionsMsg it should reject instances that contain duplicate extension types. yuhan6665 2025-05-25 16:04:50 -0400
  • 3c80a18847 crypto/tls: use decode alert for handshake msg unmarshal err Previously if instances of the handshakeMessage interface returned false from unmarshal(), indicating an unmarshalling error, the crypto/tls package would emit an unexpected_message alert. This commit changes to use a decode_error alert for this condition instead. yuhan6665 2025-05-25 16:02:24 -0400
  • 5a0e0628ae crypto/tls: disable SHA-1 signature algorithms in TLS 1.2 This implements RFC 9155 by removing support for SHA-1 algorithms: yuhan6665 2025-05-25 16:00:59 -0400
  • 5938152cb0 crypto/tls: don't advertise TLS 1.2-only sigAlgs in TLS 1.3 If a ClientHello only supports TLS 1.3, or if a CertificateRequest is sent after selecting TLS 1.3, we should not advertise TLS 1.2-only signature_algorithms like PKCS#1 v1.5 or SHA-1. yuhan6665 2025-05-25 15:48:10 -0400
  • a74700bdda crypto/tls: match compression method alert across versions When a pre-TLS 1.3 server processes a client hello message that indicates compression methods that don't include the null compression method, send an illegal parameter alert. yuhan6665 2025-05-25 15:37:45 -0400
  • 84df3a70da crypto/tls: delete dead code curveIDForCurve This unexported function has no call-sites. yuhan6665 2025-05-25 15:36:55 -0400
  • 792d6c1166 crypto/tls: verify server chooses advertised curve When a crypto/tls client using TLS < 1.3 sends supported elliptic_curves in a client hello message the server must limit itself to choosing one of the supported options from our message. If we process a server key exchange message that chooses an unadvertised curve, abort the handshake w/ an error. yuhan6665 2025-05-25 15:36:12 -0400
  • 6648c3b5a7 crypto/tls: have servers prefer TLS 1.3 when supported Previously the common Config.mutualVersion() code prioritized the selected version based on the provided peerVersions being sent in peer preference order. yuhan6665 2025-05-25 15:34:38 -0400
  • 8ef3e8ca6d crypto/tls: add GetEncryptedClientHelloKeys This allows servers to rotate their ECH keys without needing to restart the server. yuhan6665 2025-05-25 15:32:29 -0400
  • 176e7bdccb crypto/tls: replace custom intern cache with weak cache Uses the new weak package to replace the existing custom intern cache with a map of weak.Pointers instead. This simplifies the cache, and means we don't need to store a slice of handles on the Conn anymore. yuhan6665 2025-05-25 15:27:31 -0400
  • 28a42c2be7 Use public module for AES GCM yuhan6665 2025-05-25 15:15:36 -0400
  • a66a2f0ccf Expose EchConfig for xray core client config yuhan6665 2025-05-18 22:08:21 -0400
  • 1292b8ce43 Update dependencies Pk-web6936 2025-05-19 10:20:04 +0000
  • aa3b80bc9c crypto/tls: signature_algorithms in CertificateRequest can't be empty Change-Id: I6a6a4656ab97e1f247df35b2589cd73461b4ac76 Reviewed-on: https://go-review.googlesource.com/c/go/+/675917 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> yuhan6665 2025-05-25 16:05:54 -0400
  • 93949685ac crypto/tls: reject duplicate TLS 1.3 EncryptedExtensions When a TLS 1.3 client processes the server's encryptedExtensionsMsg it should reject instances that contain duplicate extension types. yuhan6665 2025-05-25 16:04:50 -0400
  • 7514c91fe9 crypto/tls: use decode alert for handshake msg unmarshal err Previously if instances of the handshakeMessage interface returned false from unmarshal(), indicating an unmarshalling error, the crypto/tls package would emit an unexpected_message alert. This commit changes to use a decode_error alert for this condition instead. yuhan6665 2025-05-25 16:02:24 -0400
  • b82f8bbb59 crypto/tls: disable SHA-1 signature algorithms in TLS 1.2 This implements RFC 9155 by removing support for SHA-1 algorithms: yuhan6665 2025-05-25 16:00:59 -0400
  • e82a8e057c crypto/tls: don't advertise TLS 1.2-only sigAlgs in TLS 1.3 If a ClientHello only supports TLS 1.3, or if a CertificateRequest is sent after selecting TLS 1.3, we should not advertise TLS 1.2-only signature_algorithms like PKCS#1 v1.5 or SHA-1. yuhan6665 2025-05-25 15:48:10 -0400
  • 5245e84e2b crypto/tls: match compression method alert across versions When a pre-TLS 1.3 server processes a client hello message that indicates compression methods that don't include the null compression method, send an illegal parameter alert. yuhan6665 2025-05-25 15:37:45 -0400
  • 23391d6c98 crypto/tls: delete dead code curveIDForCurve This unexported function has no call-sites. yuhan6665 2025-05-25 15:36:55 -0400
  • 039667f830 crypto/tls: verify server chooses advertised curve When a crypto/tls client using TLS < 1.3 sends supported elliptic_curves in a client hello message the server must limit itself to choosing one of the supported options from our message. If we process a server key exchange message that chooses an unadvertised curve, abort the handshake w/ an error. yuhan6665 2025-05-25 15:36:12 -0400
  • b7a03712bd crypto/tls: have servers prefer TLS 1.3 when supported Previously the common Config.mutualVersion() code prioritized the selected version based on the provided peerVersions being sent in peer preference order. yuhan6665 2025-05-25 15:34:38 -0400
  • 1b86b6ea09 crypto/tls: add GetEncryptedClientHelloKeys This allows servers to rotate their ECH keys without needing to restart the server. yuhan6665 2025-05-25 15:32:29 -0400
  • 3682e614bc crypto/tls: replace custom intern cache with weak cache Uses the new weak package to replace the existing custom intern cache with a map of weak.Pointers instead. This simplifies the cache, and means we don't need to store a slice of handles on the Conn anymore. yuhan6665 2025-05-25 15:27:31 -0400
  • 667c75f191 Use public module for AES GCM yuhan6665 2025-05-25 15:15:36 -0400
  • 8ca48eb252 Update dependencies Pk-web6936 2025-05-19 10:20:04 +0000
  • 86c0225218 Expose EchConfig for xray core client config yuhan6665 2025-05-18 22:08:21 -0400
  • 4df2ec9a5b REALITY protocol: Remove ChaCha20-Poly1305 support for REALITY's session id auth RPRX 2025-05-16 07:07:13 +0000
  • 514f8647ea More fixes for AES block yuhan6665 2025-05-13 08:52:09 -0400
  • 2ea7e5619e Fix https://github.com/XTLS/Xray-core/pull/3813#issuecomment-2874943277 RPRX 2025-05-13 04:53:25 +0000
  • f07c896f71 REALITY practice: Support X25519MLKEM768 for TLS' communication RPRX 2025-05-12 20:18:51 +0000
  • ce2747b9b0 Merge pull request #14 from XTLS/go124 RPRX 2025-05-12 17:55:31 +0000
  • 20f151b00a crypto/tls: handle client hello version too high If the client hello legacy version is >= TLS 1.3, and no supported_versions extension is sent, negotiate TLS 1.2 or lower when supported. yuhan6665 2025-05-10 23:50:17 -0400
  • db7cbf40cc crypto/tls: fix TLS <1.3 client cert required alert Previously for protocol versions older than TLS 1.3 our server handshake implementation sent an alertBadCertificate alert in the case where the server TLS config indicates a client cert is required and none was received. yuhan6665 2025-05-10 23:49:02 -0400
  • b5e214e5fe crypto/tls: err for unsupported point format configs If a client or server explicitly offers point formats, and the point formats don't include the uncompressed format, then error. This matches BoringSSL and Rustls behaviour and allows enabling the PointFormat-Client-MissingUncompressed bogo test. yuhan6665 2025-05-10 23:46:21 -0400
  • eef41364b3 crypto/tls: update TLS 1.3 client compression validation Unlike in earlier TLS versions, in TLS 1.3 when processing a server hello the legacy_compression_method MUST have the value 0. It is no longer a parameter that offers a choice of compression method. yuhan6665 2025-05-10 23:41:59 -0400
  • ce70d0748e crypto/tls: use illegal param alert for bad compression Previously if the clientHandshakeState for the TLS 1.2 client code encountered a server hello message that contained a compression method other than compressionNone, we would emit an unexpected message alert. yuhan6665 2025-05-10 23:39:22 -0400
  • 69ea598173 crypto/tls: use runtime.AddCleanup instead of runtime.SetFinalizer Replace the usage of runtime.SetFinalizer with runtime.AddCleanup in the certificate cache. yuhan6665 2025-05-10 23:37:34 -0400
  • 5b2edd4705 crypto/tls: add offered cipher suites to the handshake error This change makes debugging easier if the server handshake fails because the client only offers unsupported algorithms. yuhan6665 2025-05-10 23:33:34 -0400
  • 5052e9a93c crypto/tls: use crypto/hkdf For consistency, prefer crypto/hkdf over crypto/internal/fips140/hkdf. Both should have the same behavior given the constrained use of HKDF in TLS. yuhan6665 2025-05-10 23:30:06 -0400