
simple-tls's People

Contributors

cyqsimon, irinesistiana


simple-tls's Issues

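How can I enable only ws mode?

When used as a shadowsocks SIP003 plugin, how can the server be configured to use only ws mode, without adding a certificate?

I want nginx to handle TLS decryption and then have nginx forward the decrypted ws traffic to shadowsocks + simple-tls.

My shadowsocks configuration is as follows:

Server

ssserver -s "[::]:${PORT}" -m $METHOD -k ${PASSWORD} --plugin simple-tls --plugin-opts "ws;ws-path=/update;s;no-tls"

Client plugin options:

ws;n=my.server.com

With these settings, it does not work properly.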

Tutorial, please.

Hello. Can you create a tutorial on how to install and run this plugin once I install shadowsocks on the Ubuntu VPS, please?
Or just the command or a script, please.
Or upload a full GIF video or a YouTube video.

I just downloaded the APK and installed it on my Android.
I am not a programmer, but I like shadowsocks and I would like to use your plugin.

I hope you answer.

SIP003 on Android does not work properly

Server-side configuration
shadowsocks-libev server

{
    "server":"127.0.0.1",
    "server_port":8888,
    "local_port":1080,
    "password":"password",
    "timeout":60,
    "method":"aes-128-gcm"
}

simple-tls cmd line

/usr/local/bin/simple-tls -b <server_ip>:2083 -d 127.0.0.1:8888 -s -cert /root/.acme.sh/<domain>/fullchain.cer -key /root/.acme.sh/<domain>/<domain>.key -wss -path /cdn

Cloudflare is used as the front end for this server.
Assume the CDN domain is <cdn-domain>.

The certificate specified for the simple-tls server above includes <cdn-domain> as a DNS name.

In a Linux virtual machine
simple-tls cmd line

simple-tls -n <cdn-domain> -b 127.0.0.1:9050 -d <cdn-domain>:2083 -wss -path /cdn

shadowsocks-libev client cmd line

ss-local -s 127.0.0.1 -p 9050 -l 9988 -k password -m aes-128-gcm

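Then testing shows that the 9050 SOCKS5 port works properly.

Below is the Android ss + SIP003 plugin configuration.

SS basic configuration
Server: <cdn-domain>
Port: 2083
Password and encryption method are the same as on the server

SIP003 configuration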

path=/cdn;wss;n=<cdn-domain>;

After connecting, the test fails.

UDP side

Hello,

As I understood, UDP is not supported right now?

Do you plan to support UDP side?

Consider removing default timeout?

Quote from cbeuw:

StreamTimeout is now no longer an option on Cloak server as Cloak will no longer timeout connections after at least some data has been sent. Connection timeout behaviours should be entirely implemented by the underlying proxy program. See shadowsocks/shadowsocks-rust#343.

Should simple-tls too consider unsetting its default timeout of 300s, or perhaps removing the option altogether?

xtls?

test

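Would you consider also supporting xtls? In a test: the top is ss (md4rc5) + simple-tls (pd off), the middle is xray (xtls), and the bottom is ss (md4rc5) + simple-tls (pd off).

Since TLS is already in place, ss uses md4rc5.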

[Bug] Server fails to start in plugin mode with the latest version

Error log:

2020-09-28T12:00:57.564+00:00 INFO  [shadowsocks::relay::tcprelay::server] shadowsocks TCP listening on 127.0.0.1:35503
2020/09/28 12:00:57 main: simple-tls v0.4.4-0-ge9579ad
2020/09/28 12:00:57 main: simple-tls is running as a sip003 plugin
2020/09/28 12:00:57 main: net.Listen: listen tcp 127.0.0.1:35503: bind: address already in use

Also, a version number issue:

simple-tls -v

2020/09/28 13:33:52 main: simple-tls v0.4.4-0-ge9579ad
v0.4.4-0-ge9579ad

The version query output is shown above, but the actual version is v0.4.5.

[Suggestion] Add note on TLS mode and WSS mode?

Can you please make a recommendation in the documentation on which mode is preferable?

As per my understanding, WSS should be preferred because it is full-duplex, but I am not sure whether this is the case for your software. It would be best to have a recommendation from the author.

Thanks.

Crypto Go: we are a research group to help developers build secure applications.

Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) on Go language. We found your great public repository from Github, and several security issues detected by CryptoGo are shown in the following.
Note that the cryptographic algorithms are categorized with two aspects: security strength and security vulnerability based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defined certain rules derived from the APIs of Go cryptographic library and other popular cryptographic misuse detectors. The specific security issues we found are as follows:
(1) Location: core/auth.go:48
Broken rule: MD5 is an insecure algorithm;
(2) Location: core/auth.go:57
Broken rule: MD5 is an insecure algorithm;
(3) Location: core/client.go:101
Broken rule: SSL/TLS use insecure verification;
We wish the above security issues could truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forward to your reply. Thanks.

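Android APK: error when starting the ss node after filling in the cca parameter

Version: Android 9

APK version: v0.1.1

The server uses a certificate generated with the -gen-cert parameter. After filling in the cca parameter on the Android client, starting the ss node reports the following error:
Screenshot_20200331-134110__01

With a valid certificate obtained from Let's Encrypt and the cca field left empty on the Android side, there is no error and the node connects normally.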
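
As an added example (not part of the issue above and not simple-tls's own code): what trusting a self-signed server certificate through a `cca`-style value involves in Go, as opposed to turning verification off with `-no-verify`. It assumes the value is unpadded, standard-alphabet base64 of a PEM certificate; `genCert` and `verifyWithCCA` are hypothetical names and the host names are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// genCert makes a constructed self-signed cert for name; returns it parsed and as a cca string.
func genCert(name string) (*x509.Certificate, string) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	pemCA := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return cert, base64.RawStdEncoding.EncodeToString(pemCA)
}

// verifyWithCCA trusts only the CA carried in cca and still checks the host name.
func verifyWithCCA(cca string, leaf *x509.Certificate, name string) error {
	caPEM, err := base64.RawStdEncoding.DecodeString(cca)
	if err != nil {
		return fmt.Errorf("cca is not unpadded base64: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return errors.New("cca contains no PEM certificate")
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})
	return err
}

func main() {
	pinned, cca := genCert("proxy.example.test")
	other, _ := genCert("proxy.example.test")
	fmt.Println("pinned:", verifyWithCCA(cca, pinned, "proxy.example.test"))
	fmt.Println("other: ", verifyWithCCA(cca, other, "proxy.example.test"))
}
```

In a TLS client the same pool would go into `tls.Config.RootCAs` with `ServerName` set, which keeps chain and host name checks on while trusting only the supplied certificate.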

-no-tls not working

./simple-tls -s -no-tls -ws -b :80 -d 127.0.0.1:22 -n example.com

client:
simple-tls -ws -b 127.0.0.1:2222 -d example.com:80 -n example.com

client output on connection:
failed to dial server connection: failed to WebSocket dial: failed to send handshake request: Get "https://example.com": x509: certificate signed by unknown authority

Conclusion: with -no-tls, server is still sending certificate

simple-tls v0.7.0-0-gdf0b4cc (go version: go1.17.6, os: linux, arch: amd64)
Linux Centos 7

[Bug] flag provided but not defined: -V

Version:

shadowsocks-android: v5.1.4
simple-tls android: v0.4.6

logcat:

10-21 14:34:39.445 16447 26106 E libsslocal: 2020-10-21T14:34:39.444+08:00 INFO  shadowsocks 1.8.20
10-21 14:34:39.450 16447 26106 E libsslocal: 2020-10-21T14:34:39.449+08:00 INFO  started plugin "/data/app/com.github.IrineSistiana.plugin.simple_tls_android-7Mpj8YjrpIONpEEDWVOMeg==/lib/arm64/libsimple-tls.so" on 127.0.0.1:40777 <-> 66.66.66.66:443 (26117)
10-21 14:34:39.473 16447 26106 E libsslocal: flag provided but not defined: -V
10-21 14:34:39.473 16447 26106 E libsslocal: Usage of /data/app/com.github.IrineSistiana.plugin.simple_tls_android-7Mpj8YjrpIONpEEDWVOMeg==/lib/arm64/libsimple-tls.so:
10-21 14:34:39.473 16447 26106 E libsslocal:   -b string
10-21 14:34:39.473 16447 26106 E libsslocal:            [Host:Port] bind address
10-21 14:34:39.473 16447 26106 E libsslocal:   -ca string
10-21 14:34:39.473 16447 26106 E libsslocal:            PEM CA file path
10-21 14:34:39.473 16447 26106 E libsslocal:   -cca string
10-21 14:34:39.474 16447 26106 E libsslocal:            base64 encoded PEM CA
10-21 14:34:39.474 16447 26106 E libsslocal:   -cert string
10-21 14:34:39.474 16447 26106 E libsslocal:            [Path] PEM cert file
10-21 14:34:39.474 16447 26106 E libsslocal:   -cpu int
10-21 14:34:39.474 16447 26106 E libsslocal:            the maximum number of CPUs that can be executing simultaneously (default 6)
10-21 14:34:39.474 16447 26106 E libsslocal:   -d string
10-21 14:34:39.474 16447 26106 E libsslocal:            [Host:Port] destination address
10-21 14:34:39.474 16447 26106 E libsslocal:   -fast-open
10-21 14:34:39.474 16447 26106 E libsslocal:            enable tfo, only available on linux 4.11+
10-21 14:34:39.474 16447 26106 E libsslocal:   -gen-cert
10-21 14:34:39.474 16447 26106 E libsslocal:            [This is a helper function]: generate a certificate, store it's key to [-key] and cert to [-cert], print cert in base64 format without padding characters
10-21 14:34:39.474 16447 26106 E libsslocal:   -key string
10-21 14:34:39.474 16447 26106 E libsslocal:            [Path] PEM key file
10-21 14:34:39.474 16447 26106 E libsslocal:   -n string
10-21 14:34:39.474 16447 26106 E libsslocal:            server name
10-21 14:34:39.474 16447 26106 E libsslocal:   -no-verify
10-21 14:34:39.474 16447 26106 E libsslocal:            client won't verify the server's certificate chain and host name
10-21 14:34:39.474 16447 26106 E libsslocal:   -pd
10-21 14:34:39.474 16447 26106 E libsslocal:            send padding data occasionally to against traffic analysis
10-21 14:34:39.474 16447 26106 E libsslocal:   -s       is server
10-21 14:34:39.474 16447 26106 E libsslocal:   -t int
10-21 14:34:39.474 16447 26106 E libsslocal:            timeout after sec (default 300)
10-21 14:34:39.474 16447 26106 E libsslocal:   -v       output version info and exit
10-21 14:34:39.474 16447 26106 E libsslocal: 2020/10/21 06:34:39 main: invalid arg: flag provided but not defined: -V

Solution for ARM

Hey. I am grateful for your work. Tell me, please, are you planning to compile a solution for the Raspberry Pi (ARM) platform?

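Are there plans to support MUX multiplexing?

The earlier mos-tls-tunnel had this feature; simple-tls no longer seems to.
MUX avoids frequent connections, which keeps the data center's or CDN's firewall from classifying the traffic as DDoS, and it also reduces the resource overhead of repeated handshake attempts.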
