dan9i10/xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2026-05-08 14:13:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,839 Commits 65 Branches 125 Tags
docker
Commit Graph

92 Commits

Author SHA1 Message Date
风扇滑翔翼
16568314d8 TLS for WSS/HUS: Allow outer "alpn": ["h2", "http/1.1"] for camouflage (#6034) 
https://github.com/XTLS/Xray-core/pull/6034#issuecomment-4363639160

Closes https://github.com/XTLS/Xray-core/issues/6024#issuecomment-4328306231
 2026-05-02 11:07:12 +00:00
风扇滑翔翼
1fc6850dc4 TLS ECH: Remove echForceQuery (ECH is forced now if configured) (#6032) 
https://github.com/XTLS/Xray-core/pull/5887#issuecomment-4184701517
 2026-05-02 10:33:43 +00:00
Lumière Élevé
9e09399087 Xray-core: More robust browser header masquerading (chrome, firefox, edge) (#5802) 
Fixes https://github.com/XTLS/Xray-core/issues/5800
 2026-03-21 12:24:08 +00:00
风扇滑翔翼
e86c365572 TLS ECH: Avoid outer ALPN http/1.1 for WSS & HUS; Change echForceQuery's default value to "full"; Update github.com/refraction-networking/utls to 20260301010127; Add irrelevant tests for uTLS-REALITY (#5725) 
https://github.com/XTLS/Xray-core/pull/5725#issuecomment-3982680111
 2026-03-09 12:49:49 +00:00
风扇滑翔翼
d100be5ad5 Chore: Migrate to Go 1.26 (#5680) 2026-02-12 04:08:59 +00:00
风扇滑翔翼
4632984b66 TLS client: Simplify cert's verification code (#5656) 
Fixes https://github.com/XTLS/Xray-core/issues/5655
 2026-02-06 01:57:32 +00:00
Copilot
b7a22c729b Xray-core: Dynamic Chrome User-Agent for all HTTP requests by default (overwriteable through config) (#5658) 
https://github.com/XTLS/Xray-core/issues/4996#issuecomment-3855274627
https://github.com/XTLS/Xray-core/pull/5658#issuecomment-3857332687

---------

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
Co-authored-by: Fangliding <63339210+Fangliding@users.noreply.github.com>
 2026-02-06 01:42:31 +00:00
风扇滑翔翼
74c726ff62 Commands: Print CA cert's SHA256 in tls ping (#5644) 
And https://github.com/XTLS/Xray-core/issues/5642#issuecomment-3840806246

---------

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
 2026-02-03 21:03:48 +00:00
RPRX
d14767d4f3 Chore: Generate *.pb.go files with protoc v6.33.5 
Download https://github.com/protocolbuffers/protobuf/releases/tag/v33.5
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.11
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.6.0
(Xray-core/) go run ./infra/vprotogen
 2026-02-03 09:34:02 +00:00
Dmitrii Makhno
5b849d51a9 XHTTP transport: New options for bypassing CDN's detection (#5414) 
Usage: https://github.com/XTLS/Xray-core/pull/5414#issuecomment-3770071786

Closes https://github.com/XTLS/Xray-core/issues/4346

---------

Co-authored-by: 风扇滑翔翼 <Fangliding.fshxy@outlook.com>
 2026-01-31 13:34:13 +00:00
RPRX
2c92339f95 TLS config: allowInsecure->pinnedPeerCertSha256; verifyPeerCertInNames->verifyPeerCertByName 
And use `,` as the separator instead of `~`/array

https://github.com/XTLS/Xray-core/pull/5567#issuecomment-3766081805
https://t.me/projectXtls/1464
https://t.me/projectXtls/1465
https://t.me/projectXtls/1466
https://github.com/XTLS/Xray-core/pull/5625#issuecomment-3824855736
 2026-01-31 09:32:51 +00:00
风扇滑翔翼
09f619d67c TLS client: Add pin_test.go for leaf and CA (#5553) 
https://github.com/XTLS/Xray-core/pull/5532#issuecomment-3760231005
 2026-01-17 09:42:06 +00:00
RPRX
760223ad70 TLS client: Skip TLS' built-in verification when using pinnedPeerCertSha256; Fixes 
https://github.com/XTLS/Xray-core/pull/5532#issuecomment-3745598515
https://github.com/XTLS/Xray-core/pull/5532#issuecomment-3759930283
https://github.com/XTLS/Xray-core/pull/5532#issuecomment-3760057266
https://github.com/XTLS/Xray-core/pull/5532#issuecomment-3760540231
 2026-01-16 15:23:39 +00:00
风扇滑翔翼
4bdf6e5c92 TLS client: Verify leaf cert (name, time) when pinning self-signed CA (#5532) 
https://github.com/XTLS/Xray-core/pull/5154#issuecomment-3732159602
 2026-01-13 14:35:24 +00:00
风扇滑翔翼
0ca13452b8 TLS config: Add pinnedPeerCertSha256; Remove pinnedPeerCertificateChainSha256 and pinnedPeerCertificatePublicKeySha256 (#5154) 
Usage: https://github.com/XTLS/Xray-core/pull/5507

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
 2026-01-09 00:11:24 +00:00
patterniha
a6792dda69 TLS ECH: Increase DOH timeout (#5455) 
Co-authored-by: 风扇滑翔翼 <Fangliding.fshxy@outlook.com>
 2025-12-23 09:41:01 +00:00
风扇滑翔翼
7cbf5b004c TLS ECH client: echForceQuery "full" / "half" / "none" (default) (#4973) 
https://github.com/XTLS/Xray-core/pull/4971#issuecomment-3148113203
 2025-08-03 10:15:42 +00:00
patterniha
a02723e63f TLS ECH client: Use chrome-fingerprint and add padding; Add "h2c" and echSockopt; Fix some issues (#4949) 
Completes https://github.com/XTLS/Xray-core/pull/3813
 2025-08-02 16:05:00 +00:00
风扇滑翔翼
b2829219a0 TLS ECH client: Add echForceQuery config (#4947) 
https://github.com/XTLS/Xray-core/pull/4947#issuecomment-3124359776
 2025-08-01 11:25:15 +00:00
风扇滑翔翼
fb7a9d8d61 TLS client & server: Support Encrypted Client Hello (ECH) (#3813) 
b9a72a4a26

---------

Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
 2025-07-26 08:47:27 +00:00
风扇滑翔翼
cbcab89c7e Commands: Display Post-Quantum key exchange in tls ping (#4857) 
https://github.com/XTLS/Xray-core/pull/4857#issuecomment-3064964301
 2025-07-19 01:14:56 +00:00
RPRX
7ddc4a2525 REALITY practice: Support X25519MLKEM768 for TLS' communication 
https://github.com/XTLS/Xray-core/pull/3813#issuecomment-2873889724
 2025-05-16 04:08:38 +00:00
yuhan6665
a608c5a1db uTLS: Add new fingerprints 
PSK extension, Post-Quantum Key Agreement, ML-KEM
 2025-04-26 12:31:41 -04:00
patterniha
2d3210e4b8 Env: Add XRAY_LOCATION_CERT variable (#4536) 
https://github.com/XTLS/Xray-core/issues/4531#issuecomment-2746155941

Fixes https://github.com/XTLS/Xray-core/issues/4531

---------

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
 2025-03-24 13:02:35 +00:00
RPRX
e466b0497c DNS DoH: Use Chrome's fingerprint & keepAlivePeriod, Add header padding by default 
https://github.com/XTLS/Xray-core/discussions/4430#discussioncomment-12374292
 2025-03-03 14:45:12 +00:00
RPRX
8d46f7e14c TLS fingerprints: Refine "random" & "randomized", Add "randomizednoalpn" 
https://github.com/XTLS/Xray-core/issues/4436#issuecomment-2687801214
 2025-03-02 13:02:47 +00:00
RPRX
d4c7cd02fd MITM freedom RAW TLS: Allow "fromMitm" to be written at any position in verifyPeerCertInNames, Add checking for alpn "fromMitm" 
https://github.com/XTLS/Xray-core/issues/4348#issuecomment-2643340434
 2025-02-08 12:11:25 +00:00
RPRX
c6a31f457c MITM: Allow using local received SNI in the outgoing serverName & verifyPeerCertInNames 
https://github.com/XTLS/Xray-core/issues/4348#issuecomment-2637370175

Local received SNI was sent by browser/app.

In freedom RAW's `tlsSettings`, set `"serverName": "fromMitm"` to forward it to the real website.

In freedom RAW's `tlsSettings`, set `"verifyPeerCertInNames": ["fromMitm"]` to use all possible names to verify the certificate.
 2025-02-06 07:37:30 +00:00
RPRX
2522cfd7be DNS DoH: Add h2c Remote mode (with TLS serverNameToVerify) 
https://github.com/XTLS/Xray-core/issues/4313#issuecomment-2609339864

Applies https://github.com/refraction-networking/utls/pull/161

Closes https://github.com/XTLS/Xray-core/issues/4313
 2025-01-25 10:51:44 +00:00
RPRX
96fb680d45 REALITY, TLS config: Set "chrome" as the default fingerprint 
Other VLESS implementations should follow this change.
 2024-12-17 11:02:51 +00:00
pinglanlu
7b4a686b74 Chore: Use a more direct and less error-prone return value (#4008) 
Signed-off-by: pinglanlu <pinglanlu@outlook.com>
 2024-11-12 10:44:41 -05:00
风扇滑翔翼
571777483b TLS: Add CurvePreferences (to enable kyber768) (#3991) 
Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
 2024-11-11 04:21:28 +00:00
zonescape
83bab5dd90 Chore: Run gofmt (#3990) 2024-11-09 11:16:11 +00:00
RPRX
47fad1fbfd Chore: Generate *.pb.go files with protoc v5.28.2 
Download https://github.com/protocolbuffers/protobuf/releases/tag/v28.2
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.35.1
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.5.1
(Xray-core/) go run ./infra/vprotogen
 2024-10-16 04:06:21 +00:00
Kobe Arthur Scofield
7086d286be Remove legacy code (#3838) 
* Add feature migration notice

* Remove legacy code of transport processing

* Clear legacy proto field

* Fix missing

* Unify protocolname

* Test remove

* Supressor

* Weird code

* Remove errorgen related comments
 2024-09-23 11:28:19 -04:00
Kobe Arthur Scofield
57a41f3b4b Config: Remove more legacy fields (#3817) 2024-09-19 01:05:59 +00:00
mmmray
2be03c56cb Pin protobuf packages (#3715) 
* Pin protobuf packages

It happened in the past that I ran with the wrong protobuf version
installed locally, and apparently there is even still some file wrong in
splithttp. Fix this issue once and for all.

* bump protobuf packages

* Revert "bump protobuf packages"

This reverts commit 7a3509346a.

* Revert "Revert "bump protobuf packages""

This reverts commit bb79707d15.

* fix deprecated grpc usage
 2024-08-22 10:18:36 -04:00
lelemka0
4531a7e228 CertificateObject: Enable auto-reload for cacert & Add buildChain & Fixes (#3607) 2024-07-29 06:58:58 +00:00
yuhan6665
079d0bd8a9 Refactor log (#3446) 
* Refactor log

* Add new log methods

* Fix logger test

* Change all logging code

* Clean up pathObj

* Rebase to latest main

* Remove invoking method name after the dot
 2024-06-29 14:32:57 -04:00
RPRX
ca07a705dc Generate *.pb.go files with protoc v5.27.0 
Download https://github.com/protocolbuffers/protobuf/releases/tag/v27.0
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.34.1
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.3.0
(Xray-core/) go run ./infra/vprotogen
 2024-05-26 03:20:53 +00:00
RPRX
61800fcc66 Revert "nosni" 
https://github.com/XTLS/Xray-core/pull/3214#issuecomment-2078502477
 2024-04-26 02:27:22 +00:00
Allo
fbc56b88da chore: remove the usage of some deprecated tls properties 2024-04-13 17:56:35 -04:00
风扇滑翔翼
ec2224974d Add "nosni" option to send empty SNI (#3214) 
* Allow not to send SNI

* Allow reality not to send SNI
 2024-04-01 11:08:37 -04:00
yuhan6665
657c5c8570 Update HTTPUpgrade spelling and proto 2024-03-20 13:08:43 -04:00
deorth-kku
cae94570df Fixing tcp connestions leak 
- always use HandshakeContext instead of Handshake

- pickup dailer dropped ctx

- rename HandshakeContextAddress to HandshakeAddressContext
 2024-02-19 09:32:40 -05:00
yuhan6665
fa5d7a255b Least load balancer (#2999) 
* v5: Health Check & LeastLoad Strategy (rebased from 2c5a71490368500a982018a74a6d519c7e121816)

Some changes will be necessary to integrate it into V2Ray

* Update proto

* parse duration conf with time.Parse()

* moving health ping to observatory as a standalone component

* moving health ping to observatory as a standalone component: auto generated file

* add initialization for health ping

* incorporate changes in router implementation

* support principle target output

* add v4 json support for BurstObservatory & fix balancer reference

* update API command

* remove cancelled API

* return zero length value when observer is not found

* remove duplicated targeted dispatch

* adjust test with updated structure

* bug fix for observer

* fix strategy selector

* fix strategy least load

* Fix ticker usage

ticker.Close does not close ticker.C

* feat: Replace default Health Ping URL to HTTPS (#1991)

* fix selectLeastLoad() returns wrong number of nodes (#2083)

* Test: fix leastload strategy unit test

* fix(router): panic caused by concurrent map read and write (#2678)

* Clean up code

---------

Co-authored-by: Jebbs <qjebbs@gmail.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: 世界 <i@sekai.icu>
Co-authored-by: Bernd Eichelberger <46166740+4-FLOSS-Free-Libre-Open-Source-Software@users.noreply.github.com>
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
Co-authored-by: Rinka <kujourinka@gmail.com>
 2024-02-17 22:51:37 -05:00
Qi Lin
2b08d8638e Let tlsSettings.masterKeyLog and tlsSettings.fingerprint work together 2024-01-10 11:34:52 -05:00
yuhan6665
6f092bd212 Add "masterKeyLog" in TLS config (#2758) 
* Add "enableMasterKeyLog" in TLS config

Turn on the debug option for Wireshark to decrypt traffic

* Change to "masterKeyLog" to configure a path
 2023-11-27 10:08:34 -05:00
yuhan6665
d9fd3f8eb1 Freedom xdomain strategy (#2719) 
* 统一 `domainStrategy` 行为.

* aliases NG.

* 化简.

* 调整.

* Let it crash.

* Update proto

---------

Co-authored-by: rui0572 <125641819+rui0572@users.noreply.github.com>
 2023-11-12 16:27:39 -05:00
yuhan6665
d11d72be6c Update proto file and fix protoc version parsing 
The new protoc cli return version v23.1,
so we parse the file version v4.23.1 without "4."
 2023-06-11 13:36:06 -04:00