irinesistiana / simple-tls
License: GNU General Public License v3.0
When used as a shadowsocks SIP003 plugin, how should the server side be configured so that it runs in ws mode only, without adding a certificate?
I want nginx to handle TLS termination and then forward the decrypted ws traffic to shadowsocks + simple-tls.
My shadowsocks configuration is as follows:
Server:
ssserver -s "[::]:${PORT}" -m $METHOD -k ${PASSWORD} --plugin simple-tls --plugin-opts "ws;ws-path=/update;s;no-tls"
Client plugin options:
ws;n=my.server.com
With this setup, it does not work.
Hello. Can you create a tutorial on how to install and run this plugin once I install shadowsocks on the Ubuntu VPS, please?
Or just the command or a script, please.
Or upload a full gif video or a YouTube video.
I just downloaded the apk and installed it on my Android.
I am not a programmer, but I like shadowsocks and I would like to use your plugin.
I hope you answer.
You say "take shadowsocks-libev as an example"; does it also support the Python version of ss?
bindAddr = sip003Args.GetLocalAddr()
dstAddr = sip003Args.GetRemoteAddr()
These two lines appear to be swapped.
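The bind/destination mapping discussed in this issue, and the option string format used in the first issue above (`ws;ws-path=/update;s;no-tls`), both come from the SIP003 environment that shadowsocks hands to its plugin. The Go code below is an added illustration for this page, not simple-tls's own `sip003Args` implementation: `parseSIP003Opts` and `sip003Addrs` are hypothetical names, and the `s` option is used as the server-mode switch because that is how the commands on this page spell it.

```go
package main

import "net"

// parseSIP003Opts splits SS_PLUGIN_OPTIONS such as "ws;ws-path=/update;s;no-tls":
// items are ';'-separated, the first '=' splits key from value, '\' escapes
// '\', ';' and '='. A bare key (no '=') is stored with value "".
func parseSIP003Opts(s string) map[string]string {
	opts := map[string]string{}
	key, cur, inVal := "", "", false
	flush := func() {
		if inVal {
			opts[key] = cur
		} else if cur != "" {
			opts[cur] = ""
		}
		cur, inVal = "", false
	}
	for i := 0; i < len(s); i++ {
		switch c := s[i]; {
		case c == ';':
			flush()
		case c == '=' && !inVal:
			key, cur, inVal = cur, "", true
		case c == '\\' && i+1 < len(s): // escaped byte is taken literally
			i++
			fallthrough
		default:
			cur += s[i : i+1]
		}
	}
	flush()
	return opts
}

// sip003Addrs decides which address the plugin listens on and which it forwards
// to. Client plugins listen on SS_LOCAL_* and dial SS_REMOTE_*; server plugins
// (selected here by the "s" option, as in the issue above) do the reverse.
// Pass os.Getenv for a real process; a map lookup stands in for it in tests.
func sip003Addrs(getenv func(string) string) (bind, dst string, opts map[string]string) {
	local := net.JoinHostPort(getenv("SS_LOCAL_HOST"), getenv("SS_LOCAL_PORT"))
	remote := net.JoinHostPort(getenv("SS_REMOTE_HOST"), getenv("SS_REMOTE_PORT"))
	opts = parseSIP003Opts(getenv("SS_PLUGIN_OPTIONS"))
	if _, isServer := opts["s"]; isServer {
		return remote, local, opts
	}
	return local, remote, opts
}
```

With the server options from the first issue and a constructed environment of `SS_REMOTE_HOST=::`, `SS_REMOTE_PORT=8388`, `SS_LOCAL_HOST=127.0.0.1`, `SS_LOCAL_PORT=35503`, the plugin listens on `[::]:8388` and forwards to `127.0.0.1:35503`; dropping `s` from the options swaps the two.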
Server-side configuration
shadowsocks-libev server
{
"server":"127.0.0.1",
"server_port":8888,
"local_port":1080,
"password":"password",
"timeout":60,
"method":"aes-128-gcm"
}
simple-tls command line
/usr/local/bin/simple-tls -b <server_ip>:2083 -d 127.0.0.1:8888 -s -cert /root/.acme.sh/<domain>/fullchain.cer -key /root/.acme.sh/<domain>/<domain>.key -wss -path /cdn
Cloudflare is used as the front end for this server.
Assume the CDN domain is <cdn-domain>.
The certificate specified in the simple-tls server command above includes <cdn-domain> as a DNS name.
In a Linux VM:
simple-tls command line
simple-tls -n <cdn-domain> -b 127.0.0.1:9050 -d <cdn-domain>:2083 -wss -path /cdn
shadowsocks-libev client command line
ss-local -s 127.0.0.1 -p 9050 -l 9988 -k password -m aes-128-gcm
Then I tested that the SOCKS5 port 9050 works normally.
Below is the Android ss + SIP003 plugin configuration.
SS basic configuration
Server: <cdn-domain>
Port: 2083
Password and encryption method the same as the server
SIP003 configuration
path=/cdn;wss;n=<cdn-domain>;
Then, after connecting, the test fails.
Hello,
As I understand it, UDP is not supported right now?
Do you plan to support the UDP side?
StreamTimeout is now no longer an option on Cloak server as Cloak will no longer timeout connections after at least some data has been sent. Connection timeout behaviours should be entirely implemented by the underlying proxy program. See shadowsocks/shadowsocks-rust#343.
Should simple-tls also consider unsetting its default timeout of 300s, or perhaps removing the option altogether?
Error log:
2020-09-28T12:00:57.564+00:00 INFO [shadowsocks::relay::tcprelay::server] shadowsocks TCP listening on 127.0.0.1:35503
2020/09/28 12:00:57 main: simple-tls v0.4.4-0-ge9579ad
2020/09/28 12:00:57 main: simple-tls is running as a sip003 plugin
2020/09/28 12:00:57 main: net.Listen: listen tcp 127.0.0.1:35503: bind: address already in use
Also, a version number issue:
simple-tls -v
2020/09/28 13:33:52 main: simple-tls v0.4.4-0-ge9579ad
v0.4.4-0-ge9579ad
The version query output is shown above; the actual version is v0.4.5.
Can you please make a recommendation in the documentation on which mode is preferable?
As per my understanding, WSS should be preferred because it is full-duplex, but I am not sure whether this is the case for your software. It would be best to have a recommendation from the author.
Thanks.
Hi, we are a research group that helps developers build secure applications. We designed a cryptographic misuse detector (CryptoGo) for the Go language. We found your great public repository on GitHub, and several security issues detected by CryptoGo are shown below.
Note that the cryptographic algorithms are categorized along two aspects, security strength and security vulnerability, based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defines certain rules derived from the APIs of the Go cryptographic library and from other popular cryptographic misuse detectors. The specific security issues we found are as follows:
(1) Location: core/auth.go:48
Broken rule: MD5 is an insecure algorithm;
(2) Location: core/auth.go:57
Broken rule: MD5 is an insecure algorithm;
(3) Location: core/client.go:101
Broken rule: SSL/TLS use insecure verification;
We hope the above security issues can truly help you build a secure application. If you have any concerns or suggestions, please feel free to contact us; we look forward to your reply. Thanks.
We know stunnel uses both client and server authentication for security; do you have any plan to add client auth?
And configurable cipher suites and curves for TLS 1.3?
./simple-tls -s -no-tls -ws -b :80 -d 127.0.0.1:22 -n example.com
client:
simple-tls -ws -b 127.0.0.1:2222 -d example.com:80 -n example.com
client output on connection:
failed to dial server connection: failed to WebSocket dial: failed to send handshake request: Get "https://example.com": x509: certificate signed by unknown authority
Conclusion: with -no-tls, the server is still sending a certificate.
simple-tls v0.7.0-0-gdf0b4cc (go version: go1.17.6, os: linux, arch: amd64)
Linux CentOS 7
You can add Screenshots for F-Droid, too, if you want.
https://f-droid.org/en/docs/All_About_Descriptions_Graphics_and_Screenshots/
Version:
shadowsocks-android: v5.1.4
simple-tls android: v0.4.6
logcat:
10-21 14:34:39.445 16447 26106 E libsslocal: 2020-10-21T14:34:39.444+08:00 INFO shadowsocks 1.8.20
10-21 14:34:39.450 16447 26106 E libsslocal: 2020-10-21T14:34:39.449+08:00 INFO started plugin "/data/app/com.github.IrineSistiana.plugin.simple_tls_android-7Mpj8YjrpIONpEEDWVOMeg==/lib/arm64/libsimple-tls.so" on 127.0.0.1:40777 <-> 66.66.66.66:443 (26117)
10-21 14:34:39.473 16447 26106 E libsslocal: flag provided but not defined: -V
10-21 14:34:39.473 16447 26106 E libsslocal: Usage of /data/app/com.github.IrineSistiana.plugin.simple_tls_android-7Mpj8YjrpIONpEEDWVOMeg==/lib/arm64/libsimple-tls.so:
10-21 14:34:39.473 16447 26106 E libsslocal: -b string
10-21 14:34:39.473 16447 26106 E libsslocal: [Host:Port] bind address
10-21 14:34:39.473 16447 26106 E libsslocal: -ca string
10-21 14:34:39.473 16447 26106 E libsslocal: PEM CA file path
10-21 14:34:39.473 16447 26106 E libsslocal: -cca string
10-21 14:34:39.474 16447 26106 E libsslocal: base64 encoded PEM CA
10-21 14:34:39.474 16447 26106 E libsslocal: -cert string
10-21 14:34:39.474 16447 26106 E libsslocal: [Path] PEM cert file
10-21 14:34:39.474 16447 26106 E libsslocal: -cpu int
10-21 14:34:39.474 16447 26106 E libsslocal: the maximum number of CPUs that can be executing simultaneously (default 6)
10-21 14:34:39.474 16447 26106 E libsslocal: -d string
10-21 14:34:39.474 16447 26106 E libsslocal: [Host:Port] destination address
10-21 14:34:39.474 16447 26106 E libsslocal: -fast-open
10-21 14:34:39.474 16447 26106 E libsslocal: enable tfo, only available on linux 4.11+
10-21 14:34:39.474 16447 26106 E libsslocal: -gen-cert
10-21 14:34:39.474 16447 26106 E libsslocal: [This is a helper function]: generate a certificate, store it's key to [-key] and cert to [-cert], print cert in base64 format without padding characters
10-21 14:34:39.474 16447 26106 E libsslocal: -key string
10-21 14:34:39.474 16447 26106 E libsslocal: [Path] PEM key file
10-21 14:34:39.474 16447 26106 E libsslocal: -n string
10-21 14:34:39.474 16447 26106 E libsslocal: server name
10-21 14:34:39.474 16447 26106 E libsslocal: -no-verify
10-21 14:34:39.474 16447 26106 E libsslocal: client won't verify the server's certificate chain and host name
10-21 14:34:39.474 16447 26106 E libsslocal: -pd
10-21 14:34:39.474 16447 26106 E libsslocal: send padding data occasionally to against traffic analysis
10-21 14:34:39.474 16447 26106 E libsslocal: -s is server
10-21 14:34:39.474 16447 26106 E libsslocal: -t int
10-21 14:34:39.474 16447 26106 E libsslocal: timeout after sec (default 300)
10-21 14:34:39.474 16447 26106 E libsslocal: -v output version info and exit
10-21 14:34:39.474 16447 26106 E libsslocal: 2020/10/21 06:34:39 main: invalid arg: flag provided but not defined: -V
It would be helpful to be able to know which binary version I am running.
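The `-ca`/`-cca`, `-n` and `-no-verify` flags in the usage text above, together with the "SSL/TLS use insecure verification" finding in the CryptoGo report earlier on this page, come down to one decision: how the client decides whether to trust the server's certificate. The Go code below is an added illustration written for this page, not simple-tls's own implementation; `clientTLSConfig`, `verifyServerCert` and `selfSignedCert` are hypothetical names, and the certificate is constructed in-process as a stand-in for real `-gen-cert` output.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// clientTLSConfig is the trust decision a -ca / -n / -no-verify style client makes (hypothetical, not simple-tls code).
func clientTLSConfig(caPEM []byte, serverName string, noVerify bool) (*tls.Config, error) {
	cfg := &tls.Config{ServerName: serverName, MinVersion: tls.VersionTLS12}
	if noVerify { // any certificate is accepted: the "insecure verification" pattern detectors flag
		cfg.InsecureSkipVerify = true
		return cfg, nil
	}
	if caPEM != nil { // pinned CA (-ca / -cca); nil keeps the system roots
		cfg.RootCAs = x509.NewCertPool()
		if !cfg.RootCAs.AppendCertsFromPEM(caPEM) {
			return nil, errors.New("no CA certificate found in PEM")
		}
	}
	return cfg, nil
}
// verifyServerCert checks a presented leaf as the handshake would: chain to RootCAs, match ServerName (-n).
func verifyServerCert(cfg *tls.Config, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}
// selfSignedCert makes a constructed self-signed certificate for dnsName, a
// stand-in for -gen-cert output, returned parsed and as PEM suitable for -ca.
func selfSignedCert(dnsName string) (*x509.Certificate, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: dnsName},
		DNSNames: []string{dnsName}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

A certificate that chains to the pinned CA and carries the expected name verifies; the same certificate checked against a different `-n` name, or a certificate from an unrelated issuer, fails (the latter is the "certificate signed by unknown authority" error quoted earlier on this page), while `noVerify` removes both checks entirely.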
Hey. I am grateful for your work. Tell me, please, are you planning to compile a solution for the Raspberry Pi (arm) platform?
The earlier mos-tls-tunnel had this feature; simple-tls seems to have dropped it.
MUX avoids frequent connection setup, which prevents the data center's or CDN's firewall from classifying the traffic as DDoS, and also reduces the resource overhead of repeated handshake attempts.