Clash

A rule-based tunnel in Go.

Features

This is a general overview of the features that comes with Clash.

Inbound: HTTP, HTTPS, SOCKS5 server, TUN device
Outbound: Shadowsocks(R), VMess, Trojan, Snell, SOCKS5, HTTP(S), Wireguard
Rule-based Routing: dynamic scripting, domain, IP addresses, process name and more
Fake-IP DNS: minimises impact on DNS pollution and improves network performance
Transparent Proxy: Redirect TCP and TProxy TCP/UDP with automatic route table/rule management
Proxy Groups: automatic fallback, load balancing or latency testing
Remote Providers: load remote proxy lists dynamically
RESTful API: update configuration in-place via a comprehensive API

Some of the features may only be available in the Premium core.

Installation

curl -o- https://raw.githubusercontent.com/zmicro-design/package-clash/master/install | sh -s -- ONE_LINE

Documentation

You can find the latest documentation at https://doreamon-design.github.io/clash/.

Credits

License

This software is released under the GPL-3.0 license.

[Bug] 基于socks5的ssl连接报错

先决条件

我了解这里是官方开源版 Clash 核心仓库，只提供开源版或者 Premium 内核的支持
我要提交 Clash 核心的问题，并非 Clash.Meta / OpenClash / ClashX / Clash For Windows 或其他任何衍生版本的问题
我使用的是本仓库最新版本的 Clash 或 Clash Premium 内核
我已经在 Issue Tracker 中找过我要提出的 bug，并且没有找到相关问题
我已经仔细阅读官方 Wiki 并无法自行解决问题
（非 Premium 内核必填）我已经使用 dev 分支版本测试过，问题依旧存在

版本

v2.0.24

适用的作业系统

Linux

适用的硬件架构

amd64

配置文件

port: 8081
# socks-port: 7891
# redir-port: 7892
allow-lan: true
mode: Rule
log-level: debug
external-controller: 0.0.0.0:9090
dns:
  enable: false
  ipv6: false
Proxy:
  - {
      name: "socks5h",
      type: socks5,
      server: 127.0.0.1,
      port: 1080,
      tls: true,
      skip-cert-verify: true
    }
Proxy Group:
  - {
      name: "Proxy",
      type: select,
      proxies: [ "socks5h" ]
    }
Rule:
  - DOMAIN-KEYWORD,google,Proxy
  - GEOIP,CN,DIRECT
  - MATCH,Proxy

日志输出

curl -x http://127.0.0.1:8081 -v https://www.google.com
* Rebuilt URL to: https://www.google.com/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.58.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443

问题描述

GNU C Library (Ubuntu GLIBC 2.27-3ubuntu1.5) stable release version 2.27
通过privoxy做代理的正常输出

curl -x http://127.0.0.1:8080 -v https://www.google.com

Rebuilt URL to: https://www.google.com/
Trying 127.0.0.1...
TCP_NODELAY set
Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
allocate connect buffer!
Establish HTTP proxy tunnel to www.google.com:443

CONNECT www.google.com:443 HTTP/1.1
Host: www.google.com:443
User-Agent: curl/7.58.0
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection established
<

Proxy replied 200 to CONNECT request
CONNECT phase completed!
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
CONNECT phase completed!
CONNECT phase completed!
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Unknown (8):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Client hello (1):
TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
ALPN, server accepted to use h2
Server certificate:
subject: CN=www.google.com
start date: Feb 5 08:19:50 2024 GMT
expire date: Apr 29 08:19:49 2024 GMT
subjectAltName: host "www.google.com" matched cert's "www.google.com"
issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
TLSv1.3 (OUT), TLS Unknown, Unknown (23):
TLSv1.3 (OUT), TLS Unknown, Unknown (23):
TLSv1.3 (OUT), TLS Unknown, Unknown (23):
Using Stream ID: 1 (easy handle 0x55c7869e2620)
TLSv1.3 (OUT), TLS Unknown, Unknown (23):

GET / HTTP/2
Host: www.google.com
User-Agent: curl/7.58.0
Accept: /

TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.3 (IN), TLS Unknown, Unknown (23):
Connection state changed (MAX_CONCURRENT_STREAMS updated)!
TLSv1.3 (OUT), TLS Unknown, Unknown (23):
TLSv1.3 (IN), TLS Unknown, Unknown (23):
TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 200
< date: Mon, 26 Feb 2024 07:40:52 GMT
< expires: -1
< cache-control: private, max-age=0

复现步骤

No response

doreamon-design / clash Goto Github PK

clash's Introduction

Clash

A rule-based tunnel in Go.

Features

Installation

Documentation

Credits

License

clash's People

Contributors

Stargazers

Watchers

Forkers

clash's Issues