XTLS Vision checks outer TLS version (#1554)

This commit is contained in:
yuhan6665 2023-01-26 22:43:58 -05:00 committed by GitHub
parent 3fb67f065a
commit fb212905bd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions

View file

@ -5,6 +5,7 @@ package inbound
import (
"bytes"
"context"
gotls "crypto/tls"
"io"
"reflect"
"strconv"
@ -470,6 +471,9 @@ func (h *Handler) Process(ctx context.Context, network net.Network, connection s
var t reflect.Type
var p uintptr
if tlsConn, ok := iConn.(*tls.Conn); ok {
if tlsConn.ConnectionState().Version != gotls.VersionTLS13 {
return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning()
}
netConn = tlsConn.NetConn()
if pc, ok := netConn.(*proxyproto.Conn); ok {
netConn = pc.Raw()

View file

@ -5,11 +5,13 @@ package outbound
import (
"bytes"
"context"
gotls "crypto/tls"
"reflect"
"syscall"
"time"
"unsafe"
utls "github.com/refraction-networking/utls"
"github.com/xtls/xray-core/common"
"github.com/xtls/xray-core/common/buf"
"github.com/xtls/xray-core/common/net"
@ -261,6 +263,15 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
var err error
if rawConn != nil && requestAddons.Flow == vless.XRV {
if tlsConn, ok := iConn.(*tls.Conn); ok {
if tlsConn.ConnectionState().Version != gotls.VersionTLS13 {
return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, tlsConn.ConnectionState().Version).AtWarning()
}
} else if utlsConn, ok := iConn.(*tls.UConn); ok {
if utlsConn.ConnectionState().Version != utls.VersionTLS13 {
return newError(`failed to use ` + requestAddons.Flow + `, found outer tls version `, utlsConn.ConnectionState().Version).AtWarning()
}
}
var counter stats.Counter
if statConn != nil {
counter = statConn.WriteCounter