ALPN setting stops working after enabling uTLS #1274

Closed
kireiyume opened this issue Oct 25, 2022 · 1 comment
Labels: question (Further information is requested)

kireiyume commented Oct 25, 2022

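In some traffic-forwarding scenarios, only traffic whose ALPN is h2 is allowed through, but after enabling uTLS the forwarded traffic no longer gets through.
Configuration: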
```json
{
  "log": {
    "access": "",
    "error": "",
    "loglevel": "error"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "http",
      "port": 10809,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "trojan",
      "settings": {
        "servers": [
          {
            "address": "xxx",
            "method": "chacha20",
            "ota": false,
            "password": "xxx",
            "port": xxx,
            "level": 1,
            "flow": ""
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "serverName": "xxxx",
          "alpn": [
            "h2"
          ],
          "fingerprint": "chrome"
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "domainMatcher": "linear",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api",
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "domain:example-example.com",
          "domain:example-example2.com"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [
          "geosite:category-ads-all"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "geosite:cn"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:private",
          "geoip:cn"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy",
        "enabled": true
      }
    ]
  }
}
```

yuhan6665 added the bug (Something isn't working) label Oct 26, 2022

HirbodBehnam (Contributor) commented

I think this is intended behavior. If you enable uTLS it will override all of your TLS settings except servername, allow insecure and RootCAs. The code can be found here:

```go
func copyConfig(c *tls.Config) *utls.Config {
	return &utls.Config{
		RootCAs:            c.RootCAs,
		ServerName:         c.ServerName,
		InsecureSkipVerify: c.InsecureSkipVerify,
	}
}
```

Also I think this should be like that, because if you only put h2 in ALPN, it won't be Chrome's fingerprint anymore. Unless Chrome really does have an h2-only mode, which I've not seen.
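
An added example, not part of the issue thread or the Xray code base: a small Go check that reads a configuration like the one in the issue and reports outbounds where `fingerprint` is set together with TLS options that the quoted `copyConfig` does not carry over. `AuditUTLS`, `outbound` and `dropped` are hypothetical names, and the key names other than `alpn` and `fingerprint` are assumed from the Xray configuration format.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// tlsSettings keys with no counterpart among the three fields the quoted
// copyConfig keeps. "alpn" is from the issue; the others are assumed key names.
var dropped = []string{"alpn", "minVersion", "maxVersion", "cipherSuites"}

type outbound struct {
	Tag    string `json:"tag"`
	Stream struct {
		TLS map[string]json.RawMessage `json:"tlsSettings"`
	} `json:"streamSettings"`
}

// AuditUTLS returns one finding per tlsSettings key that is set on an
// outbound which also sets a non-empty "fingerprint" (uTLS enabled).
func AuditUTLS(raw []byte) ([]string, error) {
	var c struct{ Outbounds []outbound `json:"outbounds"` }
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var findings []string
	for _, o := range c.Outbounds {
		var fp string
		if v, ok := o.Stream.TLS["fingerprint"]; !ok || json.Unmarshal(v, &fp) != nil || fp == "" {
			continue // no uTLS fingerprint on this outbound: settings apply as written
		}
		for _, k := range dropped {
			if v, ok := o.Stream.TLS[k]; ok {
				findings = append(findings, fmt.Sprintf("outbound %q: %s=%s ignored with fingerprint %q", o.Tag, k, v, fp))
			}
		}
	}
	return findings, nil
}

// Constructed sample, reduced from the configuration in the issue.
const sample = `{"outbounds":[
 {"tag":"proxy","streamSettings":{"security":"tls","tlsSettings":
  {"serverName":"example.invalid","alpn":["h2"],"fingerprint":"chrome"}}},
 {"tag":"direct","protocol":"freedom","settings":{}}]}`

func main() {
	fmt.Println(AuditUTLS([]byte(sample)))
}
```

The check reflects only the `copyConfig` quoted in this thread; a build whose `copyConfig` copies more fields needs a shorter `dropped` list.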

yuhan6665 added the question (Further information is requested) label and removed the bug (Something isn't working) label Oct 27, 2022