Shelikhoo
99f9030e4e
Fix tls maxmin version config
2024-03-16 20:23:45 +00:00
Shelikhoo
94fa391dfe
Add MaxMin TLS version support in TLS Setting
2024-03-15 20:19:09 +00:00
Shelikhoo
3631053c2b
Crash process when encountered when unknown security settings type was supplied
2022-12-24 21:52:23 +00:00
Shelikhoo
52ea2b0146
Fix TLS Client Certificate Verify Not Applied
2022-05-03 15:23:33 +01:00
Shelikhoo
3ef7feaeaf
update version: auto replacement to v5 path
2022-01-02 15:16:23 +00:00
Jebbs
b05a469488
v5: Remove v2ctl & wv2ray (rebased from 7c1ab06206
)
2021-09-04 11:09:55 +01:00
Shelikhoo
8ac4750f9e
fix lint warning
...
apply coding style. Be sure to update the style checking tool after a long time of inactivity.
2021-09-02 17:34:39 +01:00
Shelikhoo
a53fd35205
separate client ca and server ca
...
This is designed to prevent a server from being attacked with a client with a certificate issued by a trusted system CA.
Some commercial CA actually can issue certificate to individual to proof their identity. The server should not accept these certs as a valid client certificates.
2021-09-01 22:34:13 +01:00
ydx
fb665ee94a
add client certificate verify ( #1169 )
2021-09-01 21:12:03 +01:00
database64128
c78ee5aac7
🏡 Housekeeping: Update to Go 1.17 ( #1215 )
...
* ⬆ Update to Go 1.17
* 🏗 Update workflows and add windows-arm64
* 💾 Update generated files
* 📛 Update not-so-friendly filenames
2021-08-21 13:20:40 +08:00
Shelikhoo
e98865a205
amend certificate removal message
2021-06-04 20:07:27 +01:00
Bhoppi Chaw
6d9c463b60
Fix: new cert issuing is incorrectly delayed ( #998 )
...
* fix new cert issuing is incorrectly delayed
* apply lint
* revert cert duration & write cert issue/revoke info into log
* apply lint
Co-authored-by: Bhoppi Chaw <bhoppi#outlook,com>
2021-06-04 19:55:30 +01:00
Loyalsoldier
6f8979d017
Style: format code by gofumpt ( #1022 )
2021-05-20 05:28:52 +08:00
Shelikhoo
ebb720804d
refactored cert pin
2021-04-15 20:02:48 +01:00
Shelikhoo
92b845a45b
added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb
2021-04-15 19:01:55 +01:00
Shelikhoo
34a3850f16
publish cert chain hash generation algorithm
2021-04-15 18:17:52 +01:00
Shelikhoo
59472de6a9
verify peer cert function for better man in the middle prevention
2021-04-15 18:16:19 +01:00
Loyalsoldier
f94dd11a8c
Chore: change module name ( #677 )
2021-02-17 04:31:50 +08:00
RPRX
a58bfc4ba4
SessionTicketsDisabled: false -> true
2021-01-01 11:25:04 +00:00
RPRX
4d2e782fbe
Disable session resumption by default ( #569 )
2021-01-01 17:01:14 +08:00
Loyalsoldier
b68f943c78
Fix lint according to golangci-lint ( #439 )
2020-11-22 05:05:01 +08:00
loyalsoldier
784775f689
Refine code according to golangci-lint results
2020-10-11 19:22:46 +08:00
Darhwa
8e791e92bc
Further strip unique signatures of tls handshake
...
1. allow users to disable session ticket
2. set default alpn to ["h2", "http/1.1"]
2020-06-18 11:32:37 +08:00
vcptr
524b2aca56
let crypto/tls choose the proper ciphers
2020-05-31 11:25:56 +08:00
vcptr
e62e6608e1
tls use crypto std cipher suites
2020-05-31 11:25:50 +08:00
Kirill Motkov
0401a91ef4
Some code improvements
...
* Rewrite empty string checks more idiomatically.
* Change strings.ToLower comparisons to strings.EqualFold.
* Rewrite switch statement with only one case as if.
2019-06-28 17:53:44 +03:00
Kslr
c5635f9507
sync fly, enable tls 1.3
2019-05-17 17:54:04 +08:00
Darien Raymond
974b488ab0
add support for not loading system roots. fixes #1513
2019-02-26 21:58:54 +01:00
Darien Raymond
c5cce8be6f
fix server name parsing
2019-02-19 13:05:36 +01:00
Darien Raymond
c072d38e2c
refine tls connection
2019-02-17 00:58:02 +01:00
Darien Raymond
1ab94fed79
optimize v2ctl size
2019-02-01 20:08:21 +01:00
Darien Raymond
5279296f03
remove use of context.WithValue in transport
2018-11-21 14:54:40 +01:00
Darien Raymond
682b28cbda
fix tls.AllowInsecureCiphers
2018-09-10 23:55:54 +02:00
Darien Raymond
b3847fb7c0
MemoryStreamSettings
2018-09-07 14:50:25 +02:00
Darien Raymond
896db7c50c
offer an option to disable session resumption
2018-07-24 15:12:09 +02:00
Darien Raymond
9a9b6f9077
fix concurrent access to tls config
2018-07-14 00:21:58 +02:00
Darien Raymond
9321210bcf
settings for allowing insecure cipher suites.
2018-05-27 18:52:08 +02:00
Darien Raymond
10d7ed2e83
fix expired cert check
2018-04-18 11:45:49 +02:00
Darien Raymond
a657ec49a0
comments
2018-04-17 23:33:39 +02:00
Darien Raymond
da0568d8d0
refine cert generation
2018-04-14 13:28:57 +02:00
Darien Raymond
abee8bddf3
only try issuing new certificate when user provide custom CA
2018-04-14 13:12:50 +02:00
Darien Raymond
ccafce3c9b
disable system roots for windows
2018-04-13 10:01:10 +02:00
Darien Raymond
044c641d7b
test case for tls certs
2018-04-10 23:02:47 +02:00
Darien Raymond
318a36fe58
automatic issuing certificates from provided CA
2018-04-10 12:42:02 +02:00
Darien Raymond
d207d953bd
h2 transport
2018-03-01 13:16:52 +01:00
Darien Raymond
bdab1af29a
update tls config generation
2018-02-28 15:15:22 +01:00
Darien Raymond
30f27706e0
Use 'h2' for ALPN in TCP
2018-01-02 18:16:36 +01:00
Darien Raymond
f4c35db968
merge log into common log
2017-12-19 21:28:12 +01:00
Darien Raymond
048ffbc7dc
simplify tls config
2017-12-17 00:53:17 +01:00
Darien Raymond
af88016320
fix #643
2017-10-26 11:43:02 +02:00