Enabling uTLS makes the ALPN setting ineffective
In some traffic-forwarding scenarios only traffic whose ALPN is h2 is allowed through, but after enabling uTLS the forwarded traffic no longer gets through.

Configuration:

```json
{
  "log": {
    "access": "",
    "error": "",
    "loglevel": "error"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [ "http", "tls" ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "http",
      "port": 10809,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [ "http", "tls" ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "trojan",
      "settings": {
        "servers": [
          {
            "address": "xxx",
            "method": "chacha20",
            "ota": false,
            "password": "xxx",
            "port": xxx,
            "level": 1,
            "flow": ""
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "serverName": "xxxx",
          "alpn": [ "h2" ],
          "fingerprint": "chrome"
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": { "type": "http" }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "domainMatcher": "linear",
    "rules": [
      {
        "type": "field",
        "inboundTag": [ "api" ],
        "outboundTag": "api",
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [ "domain:example-example.com", "domain:example-example2.com" ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [ "geosite:category-ads-all" ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [ "geosite:cn" ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [ "geoip:private", "geoip:cn" ],
        "enabled": true
      },
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy",
        "enabled": true
      }
    ]
  }
}
```
I think this is intended behavior. If you enable uTLS it will override all of your TLS settings except servername, allow insecure and RootCAs. The code can be found here:
https://github.com/XTLS/Xray-core/blob/341d317d0c691227d277abcd338c107d1207fc0e/transport/internet/tls/tls.go#L106-L112
Also, I think this should be like that, because if you only put h2 in ALPN, it won't be Chrome's fingerprint anymore. Unless Chrome really does have an h2-only mode, which I've not seen.
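The quickest way to confirm which ALPN list a client really advertises once a fingerprint preset is in play is to look at the ClientHello on the wire rather than at the config. The following is an added example, not code from this thread or from Xray-core: a small parser that pulls the SNI and ALPN extensions out of a raw TLS ClientHello record, plus a constructed builder so it can be exercised offline with an h2-only list and a browser-style `h2, http/1.1` list. Feed it the first TLS record captured from the outbound (for instance from a pcap) to see whether the configured `alpn` or the preset's list went out.

```python
"""Extract SNI and ALPN from a raw TLS ClientHello record (added example)."""
import struct


def _u16(n: int) -> bytes:
    return struct.pack(">H", n)


def build_client_hello(sni: str, alpn: list) -> bytes:
    """Constructed minimal ClientHello carrying only SNI and ALPN extensions."""
    host = sni.encode()
    # server_name ext (type 0): list_len | name_type=0 | name_len | name
    sni_ext = _u16(0) + _u16(len(host) + 5) + _u16(len(host) + 3) + b"\x00" + _u16(len(host)) + host
    # ALPN ext (type 16): list_len | (len, proto)*
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_ext = _u16(16) + _u16(len(protos) + 2) + _u16(len(protos)) + protos
    exts = sni_ext + alpn_ext
    body = (b"\x03\x03" + bytes(32)        # version + random (zeros; constructed sample)
            + b"\x00"                       # empty session id
            + _u16(2) + b"\x13\x01"         # one cipher suite
            + b"\x01\x00"                   # null compression
            + _u16(len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type ClientHello
    return b"\x16\x03\x01" + _u16(len(hs)) + hs          # TLS record header


def parse_client_hello(rec: bytes) -> dict:
    """Return {'sni': str|None, 'alpn': [str]}; raise ValueError if not a ClientHello."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake ClientHello record")
    p = 9 + 2 + 32                                   # record hdr, handshake hdr, version, random
    p += 1 + rec[p]                                  # session id
    p += 2 + struct.unpack(">H", rec[p:p + 2])[0]    # cipher suites
    p += 1 + rec[p]                                  # compression methods
    out = {"sni": None, "alpn": []}
    if p + 2 > len(rec):
        return out                                   # no extensions block
    end = p + 2 + struct.unpack(">H", rec[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack(">HH", rec[p:p + 4])
        p += 4
        data = rec[p:p + elen]
        p += elen
        if etype == 0 and len(data) >= 5 and data[2] == 0:        # server_name, host_name type
            out["sni"] = data[5:5 + struct.unpack(">H", data[3:5])[0]].decode()
        elif etype == 16 and len(data) >= 2:                      # application_layer_protocol_negotiation
            q, lst = 2, []
            while q < len(data):
                n = data[q]
                lst.append(data[q + 1:q + 1 + n].decode())
                q += 1 + n
            out["alpn"] = lst
    return out
```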