XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0
24.19k stars 3.8k forks

v1.7.2: vision flow control cannot relay ss 2022-blake3-aes-256-gcm #1500

Closed kmb21y66 closed 4 months ago

kmb21y66 commented 1 year ago

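All server and client versions are v1.7.2. The configuration is similar to #1403. I have checked the configuration files: the flow control on both the relay server and the exit server is xtls-rprx-vision. When the relay server's inbound shadowsocks uses chacha20-ietf-poly1305, relaying works normally, but with 2022-blake3-aes-256-gcm web pages cannot be accessed. In a test where the relay server uses 2022-blake3-aes-256-gcm but connects directly instead of relaying, web access is normal.

Client log: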

[Info] [1682512687] proxy/socks: TCP Connect request to tcp:ip.skk.moe:443
[Info] [1682512687] app/dispatcher: sniffed domain: ip.skk.moe
tcp:127.0.0.1:64301 accepted tcp:ip.skk.moe:443 [socks -> proxy]
[Info] [1682512687] app/dispatcher: taking detour [proxy] for [tcp:ip.skk.moe:443]
[Info] [1682512687] proxy/shadowsocks_2022: tunneling request to tcp:ip.skk.moe:443 via xxx
[Info] [1682512687] transport/internet/tcp: dialing TCP to tcp:xxx
[Debug] transport/internet: dialing to tcp:xxx
[Info] [1682512687] app/proxyman/outbound: failed to process outbound traffic > download: cipher: message authentication failed | upload: EOF
[Info] [1682512687] app/proxyman/inbound: connection ends > proxy/socks: connection ends > proxy/socks: failed to transport all TCP response > io: read/write on closed pipe

Relay server log:

[Info] [3046467828] proxy/shadowsocks_2022: tunnelling request to tcp:ip.skk.moe:443
[Info] [3046467828] app/dispatcher: taking detour [aaaa] for [tcp:ip.skk.moe:443]
[Info] [3046467828] transport/internet/tcp: dialing TCP to tcp:yyy:443
[Info] [3046467828] proxy/vless/outbound: tunneling request to tcp:ip.skk.moe:443 via yyy:443
[Info] [3046467828] proxy/vless/encoding: XtlsFilterTls found tls client hello! 547
[Info] [3046467828] proxy/vless/encoding: XtlsPadding 547 818 0
[Info] [3046467828] proxy/vless/encoding: Xtls Unpadding new block0 16 content 212 padding 1108 0
[Info] [3046467828] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 212 TLS_AES_128_GCM_SHA256
[Info] [3046467828] proxy/vless/encoding: XtlsPadding 64 890 0
[Info] [3046467828] proxy/vless/encoding: XtlsPadding 98 818 2
[Info] [3046467828] proxy/vless/encoding: XtlsWrite writeV 1 1880 0
[Info] [3046467828] proxy/vless/encoding: Xtls Unpadding new block0 0 content 521 padding 737 2
[Info] [3046467828] proxy/vless/encoding: XtlsRead splice
[Info] [3046467828] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to transfer response payload > readfrom tcp xxx->zzz: splice: broken pipe

Exit server log:

[Info] [1453989842] proxy/vless/inbound: firstLen = 1186
[Info] [1453989842] proxy/vless/inbound: received request for tcp:ip.skk.moe:443
[Info] [1453989842] proxy/vless/encoding: Xtls Unpadding new block0 16 content 547 padding 818 0
[Info] [1453989842] proxy/vless/encoding: XtlsFilterTls found tls client hello! 547
[Info] [1453989842] app/dispatcher: sniffed domain: ip.skk.moe
[Info] [1453989842] app/dispatcher: taking detour [direct] for [tcp:ip.skk.moe:443]
[Info] [1453989842] proxy/freedom: opening connection to tcp:ip.skk.moe:443
[Info] [1453989842] transport/internet/tcp: dialing TCP to tcp:ip.skk.moe:443
[Info] [1453989842] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 212 TLS_AES_128_GCM_SHA256
[Info] [1453989842] proxy/vless/encoding: XtlsPadding 212 1108 0
[Info] [1453989842] proxy/vless/encoding: Xtls Unpadding new block0 0 content 64 padding 890 0
[Info] [1453989842] proxy/vless/encoding: Xtls Unpadding new block0 0 content 98 padding 818 2
[Info] [1453989842] proxy/vless/encoding: XtlsRead readV
[Info] [1453989842] proxy/vless/encoding: XtlsPadding 521 737 2
[Info] [1453989842] proxy/vless/encoding: XtlsWrite writeV 0 1263 0
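
Added example, not part of the original report or of Xray-core: a small Go triage helper for multi-hop logs like the ones above. It groups lines by session ID, unwraps each `a > b > c` error chain to its innermost cause, and records whether that session had already switched to splice. The names `Triage`, `Failure` and `Sample` are hypothetical, and the sample lines are copied from the client and relay logs in this issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Failure is one wrapped-error log line reduced to its innermost cause(s).
type Failure struct {
	Session   string   // per-connection ID: the second [...] field
	Component string   // module that logged the line
	Roots     []string // innermost error(s) of the "a > b > c" chain
	Spliced   bool     // session had already logged "XtlsRead splice"
}

var lineRE = regexp.MustCompile(`^\[(\w+)\] \[(\d+)\] ([\w/]+): (.*)$`)

// Triage unwraps every error chain in Xray log text. Context is nested with
// " > "; parallel download/upload errors in the last segment use " | ".
func Triage(log string) []Failure {
	var out []Failure
	spliced := map[string]bool{}
	for _, ln := range strings.Split(log, "\n") {
		m := lineRE.FindStringSubmatch(strings.TrimSpace(ln))
		switch {
		case m == nil: // not a session-tagged line
		case m[4] == "XtlsRead splice":
			spliced[m[2]] = true
		case strings.Contains(m[4], " > "):
			chain := strings.Split(m[4], " > ")
			roots := strings.Split(chain[len(chain)-1], " | ")
			out = append(out, Failure{m[2], m[3], roots, spliced[m[2]]})
		}
	}
	return out
}

// Sample holds lines copied from the client and relay logs in this issue.
const Sample = `[Info] [1682512687] app/proxyman/outbound: failed to process outbound traffic > download: cipher: message authentication failed | upload: EOF
[Info] [3046467828] proxy/vless/encoding: XtlsRead splice
[Info] [3046467828] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to transfer response payload > readfrom tcp xxx->zzz: splice: broken pipe`

func main() {
	for _, f := range Triage(Sample) {
		fmt.Printf("%s %s spliced=%v -> %q\n", f.Session, f.Component, f.Spliced, f.Roots)
	}
}
```

On these lines the client session reduces to an AEAD authentication failure on the download side, and the relay session to a broken pipe raised after it had entered splice mode.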

cross-hello commented 1 year ago

Could Golang specify a TLS 1.3 cipher suite? https://github.com/XTLS/Xray-core/issues/1484#issuecomment-1371076601 From the information at the linked URL, it is not supported by Golang as of now.

cross-hello commented 1 year ago

Golang will officially support TLS 1.3 cipher suite configuration if the TLS 1.3 ecosystem explicitly requests it, which has not happened so far.
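
Added example, not from the thread or the Xray project: the behaviour the comment above refers to, shown with Go's standard `crypto/tls`. Both ends pin `CipherSuites` to a single TLS 1.2 suite; under TLS 1.3 the pin is ignored, under TLS 1.2 it is honoured. The helper names `demoCert` and `Negotiate` are hypothetical, and the certificate is a throwaway generated in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// demoCert builds a throwaway self-signed certificate (constructed for this demo).
func demoCert() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Negotiate handshakes over an in-memory pipe with CipherSuites pinned to
// `suite` on both ends and returns the version and suite actually selected.
func Negotiate(suite, maxVersion uint16) (version, chosen uint16, err error) {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	c.SetDeadline(time.Now().Add(5 * time.Second)) // never hang the demo
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{demoCert()},
		CipherSuites: []uint16{suite}, MaxVersion: maxVersion, SessionTicketsDisabled: true})
	go srv.Handshake() // tickets are off because net.Pipe is unbuffered
	cli := tls.Client(c, &tls.Config{InsecureSkipVerify: true, // demo cert only
		CipherSuites: []uint16{suite}, MaxVersion: maxVersion})
	if err = cli.Handshake(); err != nil {
		return 0, 0, err
	}
	st := cli.ConnectionState()
	return st.Version, st.CipherSuite, nil
}

func main() {
	pinned := tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 // a TLS 1.2 suite
	for _, mv := range []uint16{tls.VersionTLS13, tls.VersionTLS12} {
		v, cs, err := Negotiate(pinned, mv)
		fmt.Printf("max=%#x version=%#x suite=%s err=%v\n", mv, v, tls.CipherSuiteName(cs), err)
	}
}
```

Which TLS 1.3 suite is selected depends on the machine (AES-GCM is preferred when hardware AES is available), so only its range is predictable.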

kmb21y66 commented 1 year ago

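Golang will officially support TLS 1.3 cipher suite configuration if the TLS 1.3 ecosystem explicitly requests it, which has not happened so far.

The chacha20-ietf-poly1305 described here is not an XTLS cipher suite; it is the encryption method of the relay server's inbound shadowsocks. cipherSuites is not specified in the tlsSettings of the relay server's outbound or the exit server's inbound vless.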

cross-hello commented 1 year ago

😅( it is good time to play transparent straw man. You can't see us, you can't see. You must tell yourself. )

Jan 8, 2023 21:52:15 kmb21y66 @.***>:

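Golang will officially support TLS 1.3 cipher suite configuration if the TLS 1.3 ecosystem explicitly requests it, which has not happened so far.

The chacha20-ietf-poly1305 described here is not an XTLS cipher suite; it is the encryption method of the relay server's inbound shadowsocks. cipherSuites is not specified in the tlsSettings of the relay server's outbound or the exit server's inbound vless.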
