【求教】：关于这两天cipher suites问题，我升级了内核，ws+nginx，这三个服务器的，还有问题么

[chunlintse]

这里是三个服务器，不同域名，但都基于ws+nginx，也已经升级内核到最新了。 目前，Windows，用的客户端是V2rayN，3.18 问题：为什么，还是一样样的……（半桶水，希望别嫌弃哈）。感谢。

我的服务器配置： { "inbounds": [ { "port": 007, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxx", "level": 1, "alterId": 64 } ], "detour": { "to": "dynamicPort" } }, "streamSettings":{ "network":"ws", "wsSettings": { "path": "/ws", "headers": { "Host": "xxxxxxx" } } }, "sniffing": { "enabled": true, "destOverride": ["http", "tls"] } } ], "outbounds": [ { "tag":"IP4_out", "protocol": "freedom", "settings": {} }, { "tag":"IP6_out", "protocol": "freedom", "settings": { "domainStrategy": "UseIPv6" } }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" } ], "routing": { "rules": [ { "type": "field", "outboundTag": "IP6_out", "domain": ["geosite:netflix"] }, { "type": "field", "ip": ["geoip:private"], "outboundTag": "blocked" }, { "type": "field", "outboundTag": "blocked", "protocol": [ "bittorrent" ] } ] } }

我的nginx配置：

location /ws {
  proxy_redirect off;
  proxy_http_version 1.1;
  proxy_ssl_protocols TLSv1.3;
  proxy_ssl_server_name on;
  proxy_ssl_name $host;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  proxy_set_header Host $host;
  proxy_ssl_ciphers HIGH:!aNULL:!MD5;
  # Show real IP in v2ray access.log
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  if ($http_upgrade != "websocket") {return 404;}
  if ($http_host = "xxxxxx" ) {proxy_pass http://127.0.0.1:007;}
}

我的客户端配置，从v2rayN导出的： { "policy": { "system": { "statsInboundUplink": true, "statsInboundDownlink": true } }, "log": { "access": "", "error": "", "loglevel": "warning" }, "inbounds": [ { "tag": "proxy", "port": 1080, "listen": "127.0.0.1", "protocol": "socks", "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] }, "settings": { "auth": "noauth", "udp": true, "ip": null, "address": null, "clients": null }, "streamSettings": null }, { "tag": "api", "port": 57817, "listen": "127.0.0.1", "protocol": "dokodemo-door", "sniffing": null, "settings": { "auth": null, "udp": false, "ip": null, "address": "127.0.0.1", "clients": null }, "streamSettings": null } ], "outbounds": [ { "tag": "proxy", "protocol": "vmess", "settings": { "vnext": [ { "address": "xxxxxxxx", "port": 443, "users": [ { "id": "xxxxxx", "alterId": 64, "email": "t@t.tt", "security": "auto" } ] } ], "servers": null, "response": null }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "allowInsecure": false, "serverName": "xxxxx" }, "tcpSettings": null, "kcpSettings": null, "wsSettings": { "connectionReuse": true, "path": "/ws", "headers": { "Host": "xxxxxx" } }, "httpSettings": null, "quicSettings": null }, "mux": { "enabled": true, "concurrency": 8 } }, { "tag": "direct", "protocol": "freedom", "settings": { "vnext": null, "servers": null, "response": null }, "streamSettings": null, "mux": null }, { "tag": "block", "protocol": "blackhole", "settings": { "vnext": null, "servers": null, "response": { "type": "http" } }, "streamSettings": null, "mux": null } ], "stats": {}, "api": { "tag": "api", "services": [ "StatsService" ] }, "dns": { "servers": [ "8.8.8.8", "180.76.76.76", "223.5.5.5", "2001:4860:4860::8888", "2001:4860:4860::8844", "2400:da00::6666", "240c::6644" ] }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "port": null, "inboundTag": [ "api" ], "outboundTag": "api", "ip": null, "domain": null }, { "type": "field", "port": null, "inboundTag": null, "outboundTag": "proxy", "ip": null, "domain": [ "geosite:google", "geosite:github", "geosite:netflix", "geosite:steam", "geosite:telegram", "geosite:tumblr", "geosite:speedtest", "geosite:bbc", "domain:gvt1.com", "domain:textnow.com", "domain:twitch.tv", "domain:wikileaks.org", "domain:naver.com" ] }, { "type": "field", "port": null, "inboundTag": null, "outboundTag": "proxy", "ip": [ "91.108.4.0/22", "91.108.8.0/22", "91.108.12.0/22", "91.108.20.0/22", "91.108.36.0/23", "91.108.38.0/23", "91.108.56.0/22", "149.154.160.0/20", "149.154.164.0/22", "149.154.172.0/22", "74.125.0.0/16", "173.194.0.0/16", "172.217.0.0/16", "216.58.200.0/24", "216.58.220.0/24", "91.108.56.116", "91.108.56.0/24", "109.239.140.0/24", "149.154.167.0/24", "149.154.175.0/24" ], "domain": null }, { "type": "field", "port": null, "inboundTag": null, "outboundTag": "direct", "ip": null, "domain": [ "domain:12306.com", "domain:51ym.me", "domain:52pojie.cn", "domain:8686c.com", "domain:abercrombie.com", "domain:adobesc.com", "domain:air-matters.com", "domain:air-matters.io", "domain:airtable.com", "domain:akadns.net", "domain:apache.org", "domain:api.crisp.chat", "domain:api.termius.com", "domain:appshike.com", "domain:appstore.com", "domain:aweme.snssdk.com", "domain:bababian.com", "domain:battle.net", "domain:beatsbydre.com", "domain:bet365.com", "domain:bilibili.cn", "domain:ccgslb.com", "domain:ccgslb.net", "domain:chunbo.com", "domain:chunboimg.com", "domain:clashroyaleapp.com", "domain:cloudsigma.com", "domain:cloudxns.net", "domain:cmfu.com", "domain:culturedcode.com", "domain:dct-cloud.com", "domain:didialift.com", "domain:douyutv.com", "domain:duokan.com", "domain:dytt8.net", "domain:easou.com", "domain:ecitic.net", "domain:eclipse.org", "domain:eudic.net", "domain:ewqcxz.com", "domain:fir.im", "domain:frdic.com", "domain:fresh-ideas.cc", "domain:godic.net", "domain:goodread.com", "domain:haibian.com", "domain:hdslb.net", "domain:hollisterco.com", "domain:hongxiu.com", "domain:hxcdn.net", "domain:images.unsplash.com", "domain:img4me.com", "domain:ipify.org", "domain:ixdzs.com", "domain:jd.hk", "domain:jianshuapi.com", "domain:jomodns.com", "domain:jsboxbbs.com", "domain:knewone.com", "domain:kuaidi100.com", "domain:lemicp.com", "domain:letvcloud.com", "domain:lizhi.io", "domain:localizecdn.com", "domain:lucifr.com", "domain:luoo.net", "domain:mai.tn", "domain:maven.org", "domain:miwifi.com", "domain:moji.com", "domain:moke.com", "domain:mtalk.google.com", "domain:mxhichina.com", "domain:myqcloud.com", "domain:myunlu.com", "domain:netease.com", "domain:nfoservers.com", "domain:nssurge.com", "domain:nuomi.com", "domain:ourdvs.com", "domain:overcast.fm", "domain:paypal.com", "domain:paypalobjects.com", "domain:pgyer.com", "domain:qdaily.com", "domain:qdmm.com", "domain:qin.io", "domain:qingmang.me", "domain:qingmang.mobi", "domain:qqurl.com", "domain:rarbg.to", "domain:rrmj.tv", "domain:ruguoapp.com", "domain:sm.ms", "domain:snwx.com", "domain:soku.com", "domain:startssl.com", "domain:store.steampowered.com", "domain:symcd.com", "domain:teamviewer.com", "domain:tmzvps.com", "domain:trello.com", "domain:trellocdn.com", "domain:ttmeiju.com", "domain:udache.com", "domain:uxengine.net", "domain:weather.bjango.com", "domain:weather.com", "domain:webqxs.com", "domain:weico.cc", "domain:wenku8.net", "domain:werewolf.53site.com", "domain:windowsupdate.com", "domain:wkcdn.com", "domain:workflowy.com", "domain:xdrig.com", "domain:xiaojukeji.com", "domain:xiaomi.net", "domain:xiaomicp.com", "domain:ximalaya.com", "domain:xitek.com", "domain:xmcdn.com", "domain:xslb.net", "domain:xteko.com", "domain:yach.me", "domain:yixia.com", "domain:yunjiasu-cdn.net", "domain:zealer.com", "domain:zgslb.net", "domain:zimuzu.tv", "domain:zmz002.com", "domain:samsungdm.com" ] }, { "type": "field", "port": null, "inboundTag": null, "outboundTag": "block", "ip": null, "domain": [ "geosite:category-ads-all" ] }, { "type": "field", "port": null, "inboundTag": null, "outboundTag": "direct", "ip": [ "geoip:private" ], "domain": null }, { "type": "field", "port": null, "inboundTag": null, "outboundTag": "direct", "ip": [ "geoip:cn" ], "domain": null }, { "type": "field", "port": null, "inboundTag": null, "outboundTag": "direct", "ip": null, "domain": [ "geosite:cn" ] } ] } }

我的配置，是否有问题？那一串一样样的，是否不对头？ 请教大家。

谢谢！

[xianren78]

目前这一块还是有问题，耐心等开发组修复。

[okudayukiko]

Nginx配置優化： vim /etc/nginx/nginx.conf server { listen 80 listen [::]:80 listen 443 ssl; listen [::]:443 ssl; root /usr/share/nginx/html; index index.htm index.html; ssl_protocols TLSv1.2;

ECDH Curves也會影響速度

ssl_ecdh_curve P-256; ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; location /ws { } }

[github-actions[bot]]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days