From 66c59c07eb41feed49b47bfcaf04e513913501d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Mon, 23 Sep 2024 16:51:55 +0800 Subject: [PATCH] Update utls to v1.6.7 --- common/tls/utls_client.go | 12 ++---------- docs/configuration/inbound/trojan.md | 2 +- docs/configuration/route/rule.md | 2 +- docs/configuration/shared/tls.md | 23 +++++++++-------------- docs/configuration/shared/tls.zh.md | 23 +++++++++-------------- go.mod | 3 +-- go.sum | 6 ++---- 7 files changed, 25 insertions(+), 46 deletions(-) diff --git a/common/tls/utls_client.go b/common/tls/utls_client.go index 71ce8a4e0d..6364740f68 100644 --- a/common/tls/utls_client.go +++ b/common/tls/utls_client.go @@ -217,18 +217,10 @@ func init() { func uTLSClientHelloID(name string) (utls.ClientHelloID, error) { switch name { + case "chrome_psk", "chrome_psk_shuffle", "chrome_padding_psk_shuffle", "chrome_pq": + fallthrough case "chrome", "": return utls.HelloChrome_Auto, nil - case "chrome_psk": - return utls.HelloChrome_100_PSK, nil - case "chrome_psk_shuffle": - return utls.HelloChrome_112_PSK_Shuf, nil - case "chrome_padding_psk_shuffle": - return utls.HelloChrome_114_Padding_PSK_Shuf, nil - case "chrome_pq": - return utls.HelloChrome_115_PQ, nil - case "chrome_pq_psk": - return utls.HelloChrome_115_PQ_PSK, nil case "firefox": return utls.HelloFirefox_Auto, nil case "edge": diff --git a/docs/configuration/inbound/trojan.md b/docs/configuration/inbound/trojan.md index bd6c73b311..e277236b06 100644 --- a/docs/configuration/inbound/trojan.md +++ b/docs/configuration/inbound/trojan.md @@ -47,7 +47,7 @@ TLS configuration, see [TLS](/configuration/shared/tls/#inbound). #### fallback -!!! quote "" +!!! failure "" There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature. diff --git a/docs/configuration/route/rule.md b/docs/configuration/route/rule.md index 91b432df1a..b5d17f215b 100644 --- a/docs/configuration/route/rule.md +++ b/docs/configuration/route/rule.md @@ -4,7 +4,7 @@ icon: material/alert-decagram !!! quote "Changes in sing-box 1.10.0" - :material-plus: [client](#client) + :material-plus: [client](#client) :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source) :material-plus: [process_path_regex](#process_path_regex) diff --git a/docs/configuration/shared/tls.md b/docs/configuration/shared/tls.md index 799aa0b09d..0e3b861a87 100644 --- a/docs/configuration/shared/tls.md +++ b/docs/configuration/shared/tls.md @@ -210,28 +210,23 @@ The path to the server private key, in PEM format. ==Client only== -!!! note "" - - uTLS is poorly maintained and the effect may be unproven, use at your own risk. +!!! failure "" + + There is no evidence that GFW detects and blocks servers based on TLS client fingerprinting, and using an imperfect emulation that has not been security reviewed could pose security risks. uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance. Available fingerprint values: -!!! question "Since sing-box 1.8.0" +!!! warning "Removed since sing-box 1.10.0" - :material-plus: chrome_psk - :material-plus: chrome_psk_shuffle - :material-plus: chrome_padding_psk_shuffle - :material-plus: chrome_pq - :material-plus: chrome_pq_psk + :material-close: chrome_psk + :material-close: chrome_psk_shuffle + :material-close: chrome_padding_psk_shuffle + :material-close: chrome_pq + :material-close: chrome_pq_psk * chrome -* chrome_psk -* chrome_psk_shuffle -* chrome_padding_psk_shuffle -* chrome_pq -* chrome_pq_psk * firefox * edge * safari diff --git a/docs/configuration/shared/tls.zh.md b/docs/configuration/shared/tls.zh.md index 68de98459f..4a3e3e2bda 100644 --- a/docs/configuration/shared/tls.zh.md +++ b/docs/configuration/shared/tls.zh.md @@ -44,8 +44,8 @@ "handshake": { "server": "google.com", "server_port": 443, - - ... // 拨号字段 + ... + // 拨号字段 }, "private_key": "UuMBgl7MXTPx9inmQp2UC7Jcnwc6XYbwDNebonM-FCc", "short_id": [ @@ -204,26 +204,21 @@ TLS 版本值: !!! note "" - uTLS 维护不善且其效果可能未经证实,使用风险自负。 + 没有证据表明 GFW 根据 TLS 客户端指纹检测并阻止服务器,并且,使用一个未经安全审查的不完美模拟可能带来安全隐患。 uTLS 是 "crypto/tls" 的一个分支,它提供了 ClientHello 指纹识别阻力。 可用的指纹值: -!!! question "自 sing-box 1.8.0 起" +!!! warning "已在 sing-box 1.10.0 移除" - :material-plus: chrome_psk - :material-plus: chrome_psk_shuffle - :material-plus: chrome_padding_psk_shuffle - :material-plus: chrome_pq - :material-plus: chrome_pq_psk + :material-close: chrome_psk + :material-close: chrome_psk_shuffle + :material-close: chrome_padding_psk_shuffle + :material-close: chrome_pq + :material-close: chrome_pq_psk * chrome -* chrome_psk -* chrome_psk_shuffle -* chrome_padding_psk_shuffle -* chrome_pq -* chrome_pq_psk * firefox * edge * safari diff --git a/go.mod b/go.mod index 9bfdbebffd..24a6181f09 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( github.com/sagernet/sing-tun v0.4.0-beta.16 github.com/sagernet/sing-vmess v0.1.12 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 - github.com/sagernet/utls v1.5.4 + github.com/sagernet/utls v1.6.7 github.com/sagernet/wireguard-go v0.0.0-20231215174105-89dec3b2f3e8 github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 github.com/spf13/cobra v1.8.0 @@ -61,7 +61,6 @@ require ( github.com/andybalholm/brotli v1.0.6 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/gaukas/godicttls v0.0.4 // indirect github.com/go-ole/go-ole v1.3.0 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gobwas/httphead v0.1.0 // indirect diff --git a/go.sum b/go.sum index 21cd7047ec..19d8f9184c 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gaukas/godicttls v0.0.4 h1:NlRaXb3J6hAnTmWdsEKb9bcSBD6BvcIjdGdeb0zfXbk= -github.com/gaukas/godicttls v0.0.4/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI= github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s= github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4= @@ -137,8 +135,8 @@ github.com/sagernet/sing-vmess v0.1.12 h1:2gFD8JJb+eTFMoa8FIVMnknEi+vCSfaiTXTfEY github.com/sagernet/sing-vmess v0.1.12/go.mod h1:luTSsfyBGAc9VhtCqwjR+dt1QgqBhuYBCONB/POhF8I= github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ= github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7/go.mod h1:FP9X2xjT/Az1EsG/orYYoC+5MojWnuI7hrffz8fGwwo= -github.com/sagernet/utls v1.5.4 h1:KmsEGbB2dKUtCNC+44NwAdNAqnqQ6GA4pTO0Yik56co= -github.com/sagernet/utls v1.5.4/go.mod h1:CTGxPWExIloRipK3XFpYv0OVyhO8kk3XCGW/ieyTh1s= +github.com/sagernet/utls v1.6.7 h1:Ep3+aJ8FUGGta+II2IEVNUc3EDhaRCZINWkj/LloIA8= +github.com/sagernet/utls v1.6.7/go.mod h1:Uua1TKO/FFuAhLr9rkaVnnrTmmiItzDjv1BUb2+ERwM= github.com/sagernet/wireguard-go v0.0.0-20231215174105-89dec3b2f3e8 h1:R0OMYAScomNAVpTfbHFpxqJpvwuhxSRi+g6z7gZhABs= github.com/sagernet/wireguard-go v0.0.0-20231215174105-89dec3b2f3e8/go.mod h1:K4J7/npM+VAMUeUmTa2JaA02JmyheP0GpRBOUvn3ecc= github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc=