From ec2224974de80545b13acd407559e7038fa49262 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=A3=8E=E6=89=87=E6=BB=91=E7=BF=94=E7=BF=BC?= <45535409+Fangliding@users.noreply.github.com>
Date: Mon, 1 Apr 2024 23:02:19 +0800
Subject: [PATCH] Add "nosni" option to send empty SNI (#3214)

* Allow not to send SNI
* Allow reality not to send SNI
---
 transport/internet/reality/reality.go | 2 ++
 transport/internet/tls/config.go | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go
index 136a075d..b8bb881f 100644
--- a/transport/internet/reality/reality.go
+++ b/transport/internet/reality/reality.go
@@ -116,6 +116,8 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati
 }
 if utlsConfig.ServerName == "" {
 utlsConfig.ServerName = dest.Address.String()
+ } else if strings.ToLower(utlsConfig.ServerName) == "nosni" { // If ServerName is set to "nosni", we set it empty.
+ utlsConfig.ServerName = ""
 }
 uConn.ServerName = utlsConfig.ServerName
 fingerprint := tls.GetFingerprint(config.Fingerprint)
diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go
index 325909e3..03c43a9e 100644
--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@@ -325,6 +325,11 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 config.ServerName = sn
 }
 
+ // If ServerName is set to "nosni", we set it empty.
+ if strings.ToLower(c.parseServerName()) == "nosni" {
+ config.ServerName = ""
+ }
+
 if len(config.NextProtos) == 0 {
 config.NextProtos = []string{"h2", "http/1.1"}
 }
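Review bot: The new `else if` turns a configured hostname into a control keyword: any serverName that case-insensitively equals "nosni" is silently replaced by an empty string, so a host literally named nosni can never be reached, and nothing on the line says this is a reserved value rather than a name. The same sentinel comparison is repeated in the config.go hunk at @@ -325, so the keyword should be documented once as a contract; a comment on the else-if such as `// "nosni" is a reserved keyword, not a hostname: clear ServerName so the ClientHello carries no SNI extension` would make that explicit. It would also help to state which name the peer certificate is checked against once ServerName is empty, since the hunk only shows `uConn.ServerName = utlsConfig.ServerName` and the verification setup is outside it. UClient's body begins and ends outside the hunk.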
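Review bot: Clearing `config.ServerName` for the "nosni" keyword leaves a tls.Config with an empty ServerName, and crypto/tls rejects a client handshake in that state unless InsecureSkipVerify is set ("either ServerName or InsecureSkipVerify must be specified"); the hunk does not show how InsecureSkipVerify or a custom verifier is configured, so unless that is handled elsewhere in GetTLSConfig the option may produce a handshake error rather than an SNI-less connection. The added comment should state the requirement and the consequence for verification, e.g. `// "nosni": send no SNI extension. Hostname verification cannot apply to an empty ServerName, so the handshake relies on whatever InsecureSkipVerify/VerifyPeerCertificate settings are applied below — confirm`. GetTLSConfig's body continues outside the hunk.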
@@ -365,7 +370,7 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 
 config.PreferServerCipherSuites = c.PreferServerCipherSuites
 
- if (len(c.MasterKeyLog) > 0 && c.MasterKeyLog != "none") {
+ if len(c.MasterKeyLog) > 0 && c.MasterKeyLog != "none" {
 writer, err := os.OpenFile(c.MasterKeyLog, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0644)
 if err != nil {
 newError("failed to open ", c.MasterKeyLog, " as master key log").AtError().Base(err).WriteToLog()
@@ -381,6 +386,9 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 type Option func(*tls.Config)
 
 // WithDestination sets the server name in TLS config.
+// Due to the incorrect structure of GetTLSConfig(), the config.ServerName will always be empty.
+// So the real logic for SNI is:
+// set it to dest -> overwrite it with servername(if it's len>0).
 func WithDestination(dest net.Destination) Option {
 return func(config *tls.Config) {
 if config.ServerName == "" {
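Review bot: The expanded WithDestination comment describes the SNI precedence as `set it to dest -> overwrite it with servername(if it's len>0)`, but this same commit adds a third step in GetTLSConfig (@@ -325) that clears the name again when servername is "nosni", so the comment is already incomplete as written. Suggest extending the last line to `// set it to dest -> overwrite it with servername (if len>0) -> clear it again if servername is "nosni".` and rewording "Due to the incorrect structure of GetTLSConfig()" to state concretely what it appears to mean, namely that the options run before ServerName is assigned from the config. WithDestination's body continues outside the hunk.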