XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0
25.48k stars 3.94k forks

REALITY cannot use certain domains as serverName #1664

Closed Beloved99 closed 1 year ago

Beloved99 commented 1 year ago

Problem

Using version 1.7.5 built with Actions, when REALITY's serverName is set to certain domains such as windowsupdate.microsoft.com, the connection fails.

C:\Users\User1>curl --socks5-hostname 127.0.0.1:10808 ip.sb
curl: (52) Empty reply from server

Server configuration

log:
  loglevel: debug
inbounds:
  - port: 443
    protocol: vless
    settings:
      clients:
        - id: <UUID>
          flow: xtls-rprx-vision
      decryption: none
    streamSettings:
      network: tcp
      security: reality
      realitySettings:
        show: true
        dest: "20.72.235.82:443"
        serverNames:
          - "windowsupdate.microsoft.com"
        privateKey: "<PRIVATEKEY>"
        shortIds:
          - "<SHORTID>"
outbounds:
  - protocol: freedom
    streamSettings:
      sockopt:
        interface: wg0

Client configuration

{
    "log": {
        "loglevel": "debug"
    },
    "inbounds": [
        {
            "tag": "socks",
            "port": 10808,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ],
                "routeOnly": false
            },
            "settings": {
                "auth": "noauth",
                "udp": true,
                "allowTransparent": false
            }
        }
    ],
    "outbounds": [
        {
            "tag": "proxy",
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "<SERVERIP>",
                        "port": 443,
                        "users": [
                            {
                                "id": "<UUID>",
                                "security": "auto",
                                "encryption": "none",
                                "flow": "xtls-rprx-vision"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "serverName": "windowsupdate.microsoft.com",
                    "fingerprint": "chrome",
                    "publicKey": "<PUBLICKEY>",
                    "shortId": "<SHORTID>",
                    "spiderX": "/"
                }
            }
        }
    ]
}

Server log

REALITY remoteAddr: clientIp:50988
REALITY remoteAddr: clientIp:50988 hs.clientHello.sessionId: [199 151 18 214 147 201 188 130 94 203 167 52 35 96 31 221 74 128 64 62 30 120 157 110 100 236 0 188 84 212 146 144]
REALITY remoteAddr: clientIp:50988 hs.c.AuthKey: [46 118 198 64 233 155 84 212 29 222 184 57 106 54 152 42 246 230 19 116 137 94 68 69 207 103 114 244 125 59 39 204]
REALITY remoteAddr: clientIp:50988 hs.c.ClientVer: [1 7 5]
REALITY remoteAddr: clientIp:50988 hs.c.ClientTime: 2023-02-17 23:59:54 +0000 UTC
REALITY remoteAddr: clientIp:50988 hs.c.ClientShortId: [117 137 130 6 0 0 0 0]
REALITY remoteAddr: clientIp:50988 hs.c.conn == underlying: true
REALITY remoteAddr: clientIp:50988 len(s2cSaved): 4229     Server Hello: 4229
REALITY remoteAddr: clientIp:50988 handled: false
2023/02/17 23:59:57 [Info] transport/internet/tcp: REALITY: processed invalid connection
REALITY remoteAddr: clientIp:50989
REALITY remoteAddr: clientIp:50989 hs.clientHello.sessionId: [133 47 117 165 76 42 8 216 56 241 223 188 54 45 245 58 138 239 119 145 239 67 205 114 196 146 240 177 182 2 251 194]
REALITY remoteAddr: clientIp:50989 hs.c.AuthKey: [143 121 251 203 247 124 58 210 98 251 166 125 171 155 154 114 234 134 143 168 13 206 187 87 232 99 100 134 106 106 178 21]
REALITY remoteAddr: clientIp:50989 hs.c.ClientVer: [1 7 5]
REALITY remoteAddr: clientIp:50989 hs.c.ClientTime: 2023-02-17 23:59:57 +0000 UTC
REALITY remoteAddr: clientIp:50989 hs.c.ClientShortId: [117 137 130 6 0 0 0 0]
REALITY remoteAddr: clientIp:50989 hs.c.conn == underlying: true
REALITY remoteAddr: clientIp:50989 len(s2cSaved): 4229     Server Hello: 4229
REALITY remoteAddr: clientIp:50989 handled: false
2023/02/17 23:59:57 [Info] transport/internet/tcp: REALITY: processed invalid connection
REALITY remoteAddr: clientIp:50990
REALITY remoteAddr: clientIp:50990 hs.clientHello.sessionId: [93 229 193 213 197 28 247 44 202 221 246 100 13 3 209 55 253 82 70 142 100 182 137 102 61 254 64 92 245 234 31 12]
REALITY remoteAddr: clientIp:50990 hs.c.AuthKey: [75 249 248 223 21 237 227 212 109 103 212 80 218 151 136 32 227 70 212 180 22 134 87 192 183 49 83 105 14 185 60 190]
REALITY remoteAddr: clientIp:50990 hs.c.ClientVer: [1 7 5]
REALITY remoteAddr: clientIp:50990 hs.c.ClientTime: 2023-02-17 23:59:58 +0000 UTC
REALITY remoteAddr: clientIp:50990 hs.c.ClientShortId: [117 137 130 6 0 0 0 0]
REALITY remoteAddr: clientIp:50990 hs.c.conn == underlying: true
REALITY remoteAddr: clientIp:50990 len(s2cSaved): 4229     Server Hello: 4229
REALITY remoteAddr: clientIp:50990 handled: false
2023/02/17 23:59:58 [Info] transport/internet/tcp: REALITY: processed invalid connection
REALITY remoteAddr: clientIp:50991
REALITY remoteAddr: clientIp:50991 hs.clientHello.sessionId: [79 184 61 244 44 53 194 56 163 157 75 222 111 209 67 82 214 98 174 91 55 131 240 24 151 16 70 27 63 249 169 174]
REALITY remoteAddr: clientIp:50991 hs.c.AuthKey: [129 101 158 201 163 63 87 62 48 142 35 45 33 198 89 12 77 40 157 192 33 79 41 64 228 12 92 247 183 201 53 18]
REALITY remoteAddr: clientIp:50991 hs.c.ClientVer: [1 7 5]
REALITY remoteAddr: clientIp:50991 hs.c.ClientTime: 2023-02-17 23:59:58 +0000 UTC
REALITY remoteAddr: clientIp:50991 hs.c.ClientShortId: [117 137 130 6 0 0 0 0]
REALITY remoteAddr: clientIp:50991 hs.c.conn == underlying: true
REALITY remoteAddr: clientIp:50991 len(s2cSaved): 4229     Server Hello: 4229
REALITY remoteAddr: clientIp:50991 handled: false
2023/02/17 23:59:59 [Info] transport/internet/tcp: REALITY: processed invalid connection
REALITY remoteAddr: clientIp:50992
REALITY remoteAddr: clientIp:50992 hs.clientHello.sessionId: [212 160 94 138 252 90 124 210 189 8 172 206 144 177 124 191 60 185 190 117 112 249 222 31 8 75 217 82 56 35 50 13]
REALITY remoteAddr: clientIp:50992 hs.c.AuthKey: [41 218 162 147 149 199 212 142 117 243 27 234 56 109 219 229 219 95 134 215 177 67 238 2 85 187 115 9 137 112 44 5]
REALITY remoteAddr: clientIp:50992 hs.c.ClientVer: [1 7 5]
REALITY remoteAddr: clientIp:50992 hs.c.ClientTime: 2023-02-17 23:59:59 +0000 UTC
REALITY remoteAddr: clientIp:50992 hs.c.ClientShortId: [117 137 130 6 0 0 0 0]
REALITY remoteAddr: clientIp:50992 hs.c.conn == underlying: true
REALITY remoteAddr: clientIp:50992 len(s2cSaved): 4229     Server Hello: 4229
REALITY remoteAddr: clientIp:50992 handled: false
2023/02/18 00:00:00 [Info] transport/internet/tcp: REALITY: processed invalid connection

Client log

2023/02/18 07:59:50 [Warning] core: Xray 1.7.5 started
2023/02/18 07:59:54 [Info] [539517958] proxy/socks: TCP Connect request to tcp:ip.sb:80
2023/02/18 07:59:54 [Info] [539517958] app/dispatcher: sniffed domain: ip.sb
2023/02/18 07:59:54 [Info] [539517958] app/dispatcher: taking detour [proxy] for [tcp:ip.sb:80]
2023/02/18 07:59:54 [Info] [539517958] transport/internet/tcp: dialing TCP to tcp:serverIp:443
2023/02/18 07:59:54 [Debug] transport/internet: dialing to tcp:serverIp:443
2023/02/18 07:59:54 tcp:127.0.0.1:60049 accepted tcp:ip.sb:80 [socks -> proxy]
2023/02/18 07:59:57 [Info] [539517958] transport/internet/tcp: dialing TCP to tcp:serverIp:443
2023/02/18 07:59:57 [Debug] transport/internet: dialing to tcp:serverIp:443
2023/02/18 07:59:58 [Info] [539517958] transport/internet/tcp: dialing TCP to tcp:serverIp:443
2023/02/18 07:59:58 [Debug] transport/internet: dialing to tcp:serverIp:443
2023/02/18 07:59:58 [Info] [539517958] transport/internet/tcp: dialing TCP to tcp:serverIp:443
2023/02/18 07:59:58 [Debug] transport/internet: dialing to tcp:serverIp:443
2023/02/18 07:59:59 [Info] [539517958] transport/internet/tcp: dialing TCP to tcp:serverIp:443
2023/02/18 07:59:59 [Debug] transport/internet: dialing to tcp:serverIp:443
2023/02/18 08:00:01 [Warning] [539517958] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [EOF] > common/retry: all retry attempts failed
2023/02/18 08:00:01 [Info] [539517958] app/proxyman/inbound: connection ends > proxy/socks: connection ends > proxy/socks: failed to transport all TCP response > io: read/write on closed pipe

RPRX commented 1 year ago

The target website must support TLSv1.3, but I'm curious what got stuffed into Server Hello: 4229

Let's set a small goal: the templates go out the day REALITY reaches 256 stars
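
The TLSv1.3 requirement stated in the comment above can be checked on the first bytes a candidate target sends back: a TLS 1.3 ServerHello keeps its legacy version field at 0x0303 and announces 1.3 in the supported_versions extension. The following is an added example, not code from this thread or from Xray-core; the function names are hypothetical and the sample records are constructed, not captured traffic. It also reports a HelloRetryRequest, which is a ServerHello with a fixed random value rather than a completed negotiation.

```python
import hashlib
import struct

# RFC 8446: a HelloRetryRequest is a ServerHello carrying this fixed random.
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()
EXT_SUPPORTED_VERSIONS = 43
TLS12, TLS13 = 0x0303, 0x0304


def server_hello_version(data: bytes):
    """Return (negotiated_version, is_hello_retry_request) for a ServerHello record."""
    if len(data) < 5 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if hs_len < 38 or len(hello) < hs_len:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[0:2])[0]  # legacy_version field
    is_hrr = hello[2:34] == HRR_RANDOM
    # Skip session_id (length-prefixed), cipher_suite (2) and compression (1).
    pos = 35 + hello[34] + 3
    if pos + 2 <= len(hello):
        ext_end = min(pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0], len(hello))
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            # TLS 1.3 puts the real version here; legacy_version stays 0x0303.
            if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= ext_end:
                version = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
            pos += 4 + ext_len
    return version, is_hrr


def sample_record(random: bytes, extensions: bytes) -> bytes:
    """Build a constructed ServerHello record (demo input, not captured traffic)."""
    hello = b"\x03\x03" + random + b"\x00" + b"\x13\x01" + b"\x00"
    hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


KEY_SHARE = struct.pack("!HH", 51, 4) + b"\x00\x1d\x00\x00"  # constructed, empty key
SUPPORTED_13 = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, TLS13)
TLS13_HELLO = sample_record(bytes(range(32)), KEY_SHARE + SUPPORTED_13)
TLS12_HELLO = sample_record(bytes(32), b"")
HRR_HELLO = sample_record(HRR_RANDOM, SUPPORTED_13)

if __name__ == "__main__":
    for name, rec in [("tls13", TLS13_HELLO), ("tls12", TLS12_HELLO), ("hrr", HRR_HELLO)]:
        version, hrr = server_hello_version(rec)
        print(f"{name}: version=0x{version:04x} tls13={version == TLS13} hrr={hrr}")
```

The parser assumes the ServerHello fits in the first TLS record; a hello split across records raises ValueError instead of being reassembled.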

FranzKafkaYu commented 1 year ago

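The target website must support TLSv1.3, ~but I'm curious what got stuffed into Server Hello: 4229~

Let's set a small goal: the templates go out the day REALITY reaches 256 stars

Do the templates also come with the short essay?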

RPRX commented 1 year ago

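The target website must support TLSv1.3, ~but I'm curious what got stuffed into Server Hello: 4229~ Let's set a small goal: the templates go out the day REALITY reaches 256 stars

Do the templates also come with the short essay?

That costs extra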

RPRX commented 1 year ago

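The template folder has been created, with the buffs fully stacked: VLESS-TCP-XTLS-Vision-uTLS-REALITY

Right now I can't post channel messages and pin them in the group; none of the recently released versions could be announced, which isn't right

@badO1a5A90, when you have time, please copy the full permissions for the group and the channel to @yuhan6665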

RPRX commented 1 year ago

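@badO1a5A90 has full permissions for the Project X group and also has permissions for the channel; I forget whether they are full, but even if not, emailing Telegram should do it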

RPRX commented 1 year ago

To Skyline in the group: stop the idle chatter, I saw the screenshot and fixed it, please open an issue

FranzKafkaYu commented 1 year ago

@RPRX Target reached, time to deliver

whwhwh93 commented 1 year ago

Next goal: the short essay

Moius commented 1 year ago

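The template folder has been created, with the buffs fully stacked: VLESS-TCP-XTLS-Vision-uTLS-REALITY

Right now I can't post channel messages and pin them in the group; none of the recently released versions could be announced, which isn't right

@badO1a5A90, when you have time, please copy the full permissions for the group and the channel to @yuhan6665

It's time to upload the templates!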

csryt commented 1 year ago

@whwhwh93 Keep it up, boss R

sssagsag commented 1 year ago

lol Hoping that the firewall is malfunctioning

cross-hello commented 1 year ago

Why don't you leave some joy to big scale blocking which may happen two months later

Feb 18, 2023 16:04:54 whwhwh93 @.***>:

Release today, and tomorrow the entire GFW staff works overtime through the weekend


sssagsag commented 1 year ago

Why don't you leave some joy to big scale blocking which may happen two months later

Feb 18, 2023 16:04:54 whwhwh93 @.***>:

Release today, and tomorrow the entire GFW staff works overtime through the weekend

They can't eat anything until now, the dictatorial governments have not been able to do anything

cross-hello commented 1 year ago

Even if they can, they will not do it for now. You see, absolutely blocking protocols is impossible, but frustrating the adversary is necessary, in a special time.

Fangliding commented 1 year ago

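The template folder has been created, with the buffs fully stacked: VLESS-TCP-XTLS-Vision-uTLS-REALITY

Right now I can't post channel messages and pin them in the group; none of the recently released versions could be announced, which isn't right

@badO1a5A90, when you have time, please copy the full permissions for the group and the channel to @yuhan6665

Arthur hasn't shown up in a long time. The current owner of the Xray group is Arthur (it seems that after the group owner deletes their account, TG hands ownership of the group chat to an administrator with full permissions)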

badO1a5A90 commented 1 year ago

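@badO1a5A90 has full permissions for the Project X group and also has permissions for the channel; ~I forget whether they are full~, but even if not, emailing Telegram should do it

OK. The group has been adjusted; there is a small problem on the channel side, which I'll sort out with @yuhan6665 on TG.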

chika0801 commented 1 year ago

A suggestion: add a join-verification bot to the group; the previous one stopped working and disappeared.

badO1a5A90 commented 1 year ago

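@badO1a5A90 has full permissions for the Project X group and also has permissions for the channel; ~I forget whether they are full~, but even if not, emailing Telegram should do it

Earlier @yuhan6665 talked about changing the TG channel icon to the Project X Org icon and adding some group administrators; that can be taken care of at the same time. Emmm, chatting about this on GitHub isn't really appropriate, let's follow up by mail.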

RPRX commented 1 year ago

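Let's redefine "today"

Arthur hasn't shown up in a long time

Of course I know Arthur has been around all along, he just doesn't necessarily read email, so I'm calling him publicly so that it gets seen

The current owner of the Xray group is Arthur (it seems that after the group owner deletes their account, TG hands ownership of the group chat to an administrator with full permissions)

No, there is no Owner at all now, but Arthur has always had full permissions for the group, exactly the same as the Owner's, and the channel permissions should be about the same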

sssagsag commented 1 year ago

~Let's redefine "today"~

Arthur hasn't been seen in a long time

Of course I know that Arthur is always there, but I don’t necessarily read emails,~So make a public call to be seen~

Now the owner of the xray group is Arthur (it seems that TG will hand over the ownership of the group chat to the administrator with full permissions after the group master is deactivated)

No, there is no Owner now, but Arthur has always had the full authority of the group, which is exactly the same as the Owner's authority, and the channel authority should be similar

hi rprx when release Reality?

badO1a5A90 commented 1 year ago

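~Let's redefine "today"~

Of course I know Arthur has been around all along, he just doesn't necessarily read email, ~so I'm calling him publicly so that it gets seen~

I know you know. I hope everyone can always be around.

No, there is no Owner at all now, but Arthur has always had full permissions for the group, exactly the same as the Owner's, and the channel permissions should be about the same

The small matters in the group have been dealt with. It is Owner. Let's wait for the new version to be released and pin the new one; forget about the earlier ones.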

RPRX commented 1 year ago

It is Owner.

Oh, I always thought it would end up with no Owner

RPRX commented 1 year ago

hi rprx when release Reality?

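The templates will be out within today, the article and share links will follow soon, and together with merging some PRs and the Vision padding update, Xray-core v1.8.0 will then be released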

hululu1068 commented 1 year ago

hi rprx when release Reality?

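The templates will be out within today, the article and share links will follow soon, and together with merging some PRs and the Vision padding update, Xray-core v1.8.0 will then be released

Will there be a desktop client... Qv2ray no longer supports Vision... there doesn't seem to be a good Xray client right now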

Extreme-Icer commented 1 year ago

hi rprx when release Reality?

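The templates will be out within today, the article and share links will follow soon, and together with merging some PRs and the Vision padding update, Xray-core v1.8.0 will then be released

Will there be a desktop client... Qv2ray no longer supports Vision... there doesn't seem to be a good Xray client right now

v2rayN. The best one to use at the moment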

cross-hello commented 1 year ago

If you use Unix series systems, why don't you write a system service in client also, then you could use Network even you don't get noticed.

Feb 18, 2023 18:39:35 hululu1068 @.***>:

hi rprx when release Reality?

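The templates will be out within today, the article and share links will follow soon, and together with merging some PRs and the Vision padding update, Xray-core v1.8.0 will then be released

Will there be a desktop client... Qv2ray no longer supports Vision... there doesn't seem to be a good Xray client right now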


hululu1068 commented 1 year ago

hi rprx when release Reality?

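The templates will be out within today, the article and share links will follow soon, and together with merging some PRs and the Vision padding update, Xray-core v1.8.0 will then be released

Will there be a desktop client... Qv2ray no longer supports Vision... there doesn't seem to be a good Xray client right now

v2rayN. The best one to use at the moment

It doesn't support Mac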

Extreme-Icer commented 1 year ago

hi rprx when release Reality?

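The templates will be out within today, the article and share links will follow soon, and together with merging some PRs and the Vision padding update, Xray-core v1.8.0 will then be released

Will there be a desktop client... Qv2ray no longer supports Vision... there doesn't seem to be a good Xray client right now

v2rayN. The best one to use at the moment

It doesn't support Mac

Then you can only wait..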

cross-hello commented 1 year ago

If you use Unix series systems, why don't you write a system service in client also, then you could use Network even you don't get noticed.

And add an auto-start script to set the global proxy settings if you use a desktop, like GNOME

gsettings set  org.gnome.system.proxy mode "manual"
gsettings set  org.gnome.system.proxy.http  host 127.0.0.1
gsettings set  org.gnome.system.proxy.http  port 8889
gsettings set  org.gnome.system.proxy.https host 127.0.0.1
gsettings set  org.gnome.system.proxy.https port 8889
gsettings set  org.gnome.system.proxy.ftp   host 127.0.0.1
gsettings set  org.gnome.system.proxy.ftp   port 8889 
gsettings set  org.gnome.system.proxy.socks host 127.0.0.1
gsettings set  org.gnome.system.proxy.socks port 1089
gsettings set  org.gnome.system.proxy ignore-hosts "['localhost', '127.0.0.0/8', '::1', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']"
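
ttimasdf commented 1 year ago

I've run into the same problem too!! Likewise, using an MS domain as the upstream. I don't know whether my test method is right, but it looks like TLSv1.3 is supported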

curl -v --tlsv1.3 https://software-download.microsoft.com
*   Trying 117.18.232.200:443...
* Connected to software-download.microsoft.com (117.18.232.200) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; CN=*.vo.msecnd.net
*  start date: Jul 11 00:00:00 2022 GMT
*  expire date: Jul 11 23:59:59 2023 GMT
*  subjectAltName: host "software-download.microsoft.com" matched cert's "software-download.microsoft.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55b8722aafc0)
> GET / HTTP/2
> Host: software-download.microsoft.com
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 500
< content-type: text/html
< date: Tue, 21 Mar 2023 16:17:45 GMT
< server: ECAcc (hkc/BDD0)
< content-length: 369
<
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"