mirror of
https://github.com/XTLS/Xray-core.git
synced 2025-12-17 04:34:35 +03:00
a02723e63f
Some checks failed
Build and Release for Windows 7 / check-assets (push) Has been cancelled
Build and Release for Windows 7 / build (win7-32, 386, windows) (push) Has been cancelled
Build and Release for Windows 7 / build (win7-64, amd64, windows) (push) Has been cancelled
Build and Release / build (386, freebsd, ) (push) Has been cancelled
Build and Release / build (386, linux, ) (push) Has been cancelled
Build and Release / build (386, openbsd, ) (push) Has been cancelled
Build and Release / build (386, windows, ) (push) Has been cancelled
Build and Release / build (amd64, android, android-amd64) (push) Has been cancelled
Build and Release / build (amd64, darwin, ) (push) Has been cancelled
Build and Release / build (amd64, freebsd, ) (push) Has been cancelled
Build and Release / build (amd64, linux, ) (push) Has been cancelled
Build and Release / build (amd64, openbsd, ) (push) Has been cancelled
Build and Release / build (amd64, windows, ) (push) Has been cancelled
Build and Release / build (arm, 5, linux) (push) Has been cancelled
Build and Release / build (arm, 6, linux) (push) Has been cancelled
Build and Release / build (arm, 7, freebsd) (push) Has been cancelled
Build and Release / build (arm, 7, linux) (push) Has been cancelled
Build and Release / build (arm, 7, openbsd) (push) Has been cancelled
Build and Release / build (arm, 7, windows) (push) Has been cancelled
Build and Release / build (arm64, android) (push) Has been cancelled
Build and Release / build (arm64, darwin) (push) Has been cancelled
Build and Release / build (arm64, freebsd) (push) Has been cancelled
Build and Release / build (arm64, linux) (push) Has been cancelled
Build and Release / build (arm64, openbsd) (push) Has been cancelled
Build and Release / build (arm64, windows) (push) Has been cancelled
Build and Release / build (loong64, linux) (push) Has been cancelled
Build and Release / build (mips, linux) (push) Has been cancelled
Build and Release / build (mips64, linux) (push) Has been cancelled
Build and Release / build (mips64le, linux) (push) Has been cancelled
Build and Release / build (mipsle, linux) (push) Has been cancelled
Build and Release / build (ppc64, linux) (push) Has been cancelled
Build and Release / build (ppc64le, linux) (push) Has been cancelled
Build and Release / build (riscv64, linux) (push) Has been cancelled
Build and Release / build (s390x, linux) (push) Has been cancelled
Build and Release / check-assets (push) Has been cancelled
Test / check-assets (push) Has been cancelled
Test / test (macos-latest) (push) Has been cancelled
Test / test (ubuntu-latest) (push) Has been cancelled
Test / test (windows-latest) (push) Has been cancelled
Scheduled assets update / geodat (push) Has been cancelled
Completes https://github.com/XTLS/Xray-core/pull/3813
105 lines
2.7 KiB
Protocol Buffer
105 lines
2.7 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package xray.transport.internet.tls;
|
|
option csharp_namespace = "Xray.Transport.Internet.Tls";
|
|
option go_package = "github.com/xtls/xray-core/transport/internet/tls";
|
|
option java_package = "com.xray.transport.internet.tls";
|
|
option java_multiple_files = true;
|
|
|
|
import "transport/internet/config.proto";
|
|
|
|
message Certificate {
|
|
// TLS certificate in x509 format.
|
|
bytes certificate = 1;
|
|
|
|
// TLS key in x509 format.
|
|
bytes key = 2;
|
|
|
|
enum Usage {
|
|
ENCIPHERMENT = 0;
|
|
AUTHORITY_VERIFY = 1;
|
|
AUTHORITY_ISSUE = 2;
|
|
}
|
|
|
|
Usage usage = 3;
|
|
|
|
uint64 ocsp_stapling = 4;
|
|
|
|
// TLS certificate path
|
|
string certificate_path = 5;
|
|
|
|
// TLS Key path
|
|
string key_path = 6;
|
|
|
|
// If true, one-Time Loading
|
|
bool One_time_loading = 7;
|
|
|
|
bool build_chain = 8;
|
|
}
|
|
|
|
message Config {
|
|
// Whether or not to allow self-signed certificates.
|
|
bool allow_insecure = 1;
|
|
|
|
// List of certificates to be served on server.
|
|
repeated Certificate certificate = 2;
|
|
|
|
// Override server name.
|
|
string server_name = 3;
|
|
|
|
// Lists of string as ALPN values.
|
|
repeated string next_protocol = 4;
|
|
|
|
// Whether or not to enable session (ticket) resumption.
|
|
bool enable_session_resumption = 5;
|
|
|
|
// If true, root certificates on the system will not be loaded for
|
|
// verification.
|
|
bool disable_system_root = 6;
|
|
|
|
// The minimum TLS version.
|
|
string min_version = 7;
|
|
|
|
// The maximum TLS version.
|
|
string max_version = 8;
|
|
|
|
// Specify cipher suites, except for TLS 1.3.
|
|
string cipher_suites = 9;
|
|
|
|
// TLS Client Hello fingerprint (uTLS).
|
|
string fingerprint = 11;
|
|
|
|
bool reject_unknown_sni = 12;
|
|
|
|
/* @Document Some certificate chain sha256 hashes.
|
|
@Document After normal validation or allow_insecure, if the server's cert chain hash does not match any of these values, the connection will be aborted.
|
|
@Critical
|
|
*/
|
|
repeated bytes pinned_peer_certificate_chain_sha256 = 13;
|
|
|
|
/* @Document Some certificate public key sha256 hashes.
|
|
@Document After normal validation (required), if one of certs in verified chain matches one of these values, the connection will be eventually accepted.
|
|
@Critical
|
|
*/
|
|
repeated bytes pinned_peer_certificate_public_key_sha256 = 14;
|
|
|
|
string master_key_log = 15;
|
|
|
|
// Lists of string as CurvePreferences values.
|
|
repeated string curve_preferences = 16;
|
|
|
|
/* @Document Replaces server_name to verify the peer cert.
|
|
@Document After allow_insecure (automatically), if the server's cert can't be verified by any of these names, pinned_peer_certificate_chain_sha256 will be tried.
|
|
@Critical
|
|
*/
|
|
repeated string verify_peer_cert_in_names = 17;
|
|
|
|
bytes ech_server_keys = 18;
|
|
|
|
string ech_config_list = 19;
|
|
|
|
bool ech_force_query = 20;
|
|
|
|
SocketConfig ech_socket_settings = 21;
|
|
}
|