settings for allowing insecure cipher suites.

pull/1132/head v3.23.1
Darien Raymond 2018-05-27 18:52:08 +02:00
parent e4254bbde9
commit 9321210bcf
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169
3 changed files with 59 additions and 29 deletions


@ -140,6 +140,23 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
opt(config) opt(config)
} }
if c.AllowInsecureCiphers && len(config.CipherSuites) == 0 {
config.CipherSuites = []uint16{
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
}
}
config.InsecureSkipVerify = c.AllowInsecure config.InsecureSkipVerify = c.AllowInsecure
config.Certificates = c.BuildCertificates() config.Certificates = c.BuildCertificates()
config.BuildNameToCertificate() config.BuildNameToCertificate()
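Review bot: With `AllowInsecureCiphers` false, nothing in this hunk assigns `config.CipherSuites`, so unless an option or code outside the hunk sets it, crypto/tls falls back to its built-in default list, and whether that list is stricter than the twelve suites enabled here depends on the Go version. The flag only has a clear meaning if the off path is pinned as well, for example with a second branch that assigns just the six ECDHE ChaCha20-Poly1305 and AES-GCM suites already named in this hunk; note that this would narrow what peers can negotiate. The field comment `// Whether or not to allow insecure cipher suites.` in the .proto and the generated struct should also say which suites the flag enables (the ECDHE CBC-SHA and CBC-SHA256 ones). GetTLSConfig starts and ends outside the hunk, so confirm that no default list is set earlier in the function.

```go
// … unchanged: option loop and the AllowInsecureCiphers branch …
if !c.AllowInsecureCiphers && len(config.CipherSuites) == 0 {
	// Flag off: pin to ECDHE + AEAD suites instead of inheriting the crypto/tls defaults.
	config.CipherSuites = []uint16{
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	}
}
// … unchanged: InsecureSkipVerify, Certificates, BuildNameToCertificate …
```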


@ -38,7 +38,7 @@ func (x Certificate_Usage) String() string {
return proto.EnumName(Certificate_Usage_name, int32(x)) return proto.EnumName(Certificate_Usage_name, int32(x))
} }
func (Certificate_Usage) EnumDescriptor() ([]byte, []int) { func (Certificate_Usage) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_config_094edd58cf826f66, []int{0, 0} return fileDescriptor_config_e641ddfb53ec9d25, []int{0, 0}
} }
type Certificate struct { type Certificate struct {
@ -56,7 +56,7 @@ func (m *Certificate) Reset() { *m = Certificate{} }
func (m *Certificate) String() string { return proto.CompactTextString(m) } func (m *Certificate) String() string { return proto.CompactTextString(m) }
func (*Certificate) ProtoMessage() {} func (*Certificate) ProtoMessage() {}
func (*Certificate) Descriptor() ([]byte, []int) { func (*Certificate) Descriptor() ([]byte, []int) {
return fileDescriptor_config_094edd58cf826f66, []int{0} return fileDescriptor_config_e641ddfb53ec9d25, []int{0}
} }
func (m *Certificate) XXX_Unmarshal(b []byte) error { func (m *Certificate) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Certificate.Unmarshal(m, b) return xxx_messageInfo_Certificate.Unmarshal(m, b)
@ -100,6 +100,8 @@ func (m *Certificate) GetUsage() Certificate_Usage {
type Config struct { type Config struct {
// Whether or not to allow self-signed certificates. // Whether or not to allow self-signed certificates.
AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure" json:"allow_insecure,omitempty"` AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure" json:"allow_insecure,omitempty"`
// Whether or not to allow insecure cipher suites.
AllowInsecureCiphers bool `protobuf:"varint,5,opt,name=allow_insecure_ciphers,json=allowInsecureCiphers" json:"allow_insecure_ciphers,omitempty"`
// List of certificates to be served on server. // List of certificates to be served on server.
Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate" json:"certificate,omitempty"` Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate" json:"certificate,omitempty"`
// Override server name. // Override server name.
@ -115,7 +117,7 @@ func (m *Config) Reset() { *m = Config{} }
func (m *Config) String() string { return proto.CompactTextString(m) } func (m *Config) String() string { return proto.CompactTextString(m) }
func (*Config) ProtoMessage() {} func (*Config) ProtoMessage() {}
func (*Config) Descriptor() ([]byte, []int) { func (*Config) Descriptor() ([]byte, []int) {
return fileDescriptor_config_094edd58cf826f66, []int{1} return fileDescriptor_config_e641ddfb53ec9d25, []int{1}
} }
func (m *Config) XXX_Unmarshal(b []byte) error { func (m *Config) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Config.Unmarshal(m, b) return xxx_messageInfo_Config.Unmarshal(m, b)
@ -142,6 +144,13 @@ func (m *Config) GetAllowInsecure() bool {
return false return false
} }
func (m *Config) GetAllowInsecureCiphers() bool {
if m != nil {
return m.AllowInsecureCiphers
}
return false
}
func (m *Config) GetCertificate() []*Certificate { func (m *Config) GetCertificate() []*Certificate {
if m != nil { if m != nil {
return m.Certificate return m.Certificate
@ -170,32 +179,33 @@ func init() {
} }
func init() { func init() {
proto.RegisterFile("v2ray.com/core/transport/internet/tls/config.proto", fileDescriptor_config_094edd58cf826f66) proto.RegisterFile("v2ray.com/core/transport/internet/tls/config.proto", fileDescriptor_config_e641ddfb53ec9d25)
} }
var fileDescriptor_config_094edd58cf826f66 = []byte{ var fileDescriptor_config_e641ddfb53ec9d25 = []byte{
// 358 bytes of a gzipped FileDescriptorProto // 376 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x91, 0xd1, 0x6e, 0xda, 0x30, 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x91, 0x51, 0x8f, 0x93, 0x40,
0x14, 0x40, 0x97, 0x64, 0xa0, 0xe1, 0x00, 0x8b, 0xbc, 0x3d, 0xe4, 0x6d, 0x81, 0x09, 0x29, 0x4f, 0x10, 0x80, 0x05, 0xec, 0xc5, 0x1b, 0x7a, 0x27, 0x59, 0x2f, 0x86, 0x37, 0xb9, 0x9a, 0x26, 0x3c,
0x8e, 0x94, 0xed, 0x07, 0xb6, 0x34, 0x15, 0x69, 0x55, 0x1a, 0x99, 0x80, 0x44, 0x5f, 0x22, 0xd7, 0x2d, 0x09, 0xf6, 0x0f, 0x28, 0x62, 0x8a, 0xc6, 0x4a, 0xb6, 0xb4, 0x49, 0x7d, 0x21, 0xeb, 0x66,
0x32, 0x28, 0x52, 0x12, 0x23, 0xdb, 0xd0, 0xf2, 0x4b, 0xfd, 0x91, 0x7e, 0x40, 0x7f, 0xa8, 0x4a, 0x5b, 0x49, 0x80, 0x6d, 0x76, 0xb7, 0xd5, 0xfe, 0x25, 0xff, 0x8e, 0xbf, 0xc7, 0xc4, 0x00, 0x6d,
0x02, 0x14, 0x9e, 0x50, 0xdf, 0x7c, 0x8f, 0xcf, 0xbd, 0xd7, 0xf7, 0x1a, 0xf8, 0x5b, 0x5f, 0x90, 0x2d, 0x4f, 0x8d, 0x6f, 0xcc, 0x37, 0xdf, 0xcc, 0x30, 0xb3, 0x10, 0xee, 0x43, 0x49, 0x0f, 0x98,
0x1d, 0xa2, 0xbc, 0xf0, 0x28, 0x17, 0xcc, 0x53, 0x82, 0x94, 0x72, 0xcd, 0x85, 0xf2, 0xb2, 0x52, 0x89, 0x2a, 0x60, 0x42, 0xf2, 0x40, 0x4b, 0x5a, 0xab, 0xad, 0x90, 0x3a, 0x28, 0x6a, 0xcd, 0x65,
0x31, 0x51, 0x32, 0xe5, 0xa9, 0x5c, 0x7a, 0x94, 0x97, 0xcb, 0x6c, 0x85, 0xd6, 0x82, 0x2b, 0x0e, 0xcd, 0x75, 0xa0, 0x4b, 0x15, 0x30, 0x51, 0xaf, 0x8b, 0x0d, 0xde, 0x4a, 0xa1, 0x05, 0x7a, 0x3c,
0x07, 0x87, 0x1c, 0xc1, 0xd0, 0xd1, 0x47, 0x07, 0x1f, 0xa9, 0x5c, 0x0e, 0xdf, 0x34, 0x60, 0x06, 0xd5, 0x48, 0x8e, 0xcf, 0x3e, 0x3e, 0xf9, 0x58, 0x97, 0x6a, 0xf4, 0xdb, 0x00, 0x3b, 0xe2, 0x52,
0x4c, 0xa8, 0x6c, 0x99, 0x51, 0xa2, 0x18, 0x74, 0xce, 0x42, 0x5b, 0x73, 0x34, 0xb7, 0x8b, 0xcf, 0x17, 0xeb, 0x82, 0x51, 0xcd, 0x91, 0xd7, 0x0b, 0x5d, 0xc3, 0x33, 0xfc, 0x21, 0xe9, 0x19, 0x0e,
0x0c, 0x0b, 0x18, 0xb7, 0x6c, 0x67, 0xeb, 0xf5, 0x4d, 0x75, 0x84, 0x37, 0xa0, 0xb5, 0x91, 0x64, 0x58, 0x9f, 0xf8, 0xc1, 0x35, 0xdb, 0x4c, 0xf3, 0x89, 0x3e, 0xc2, 0x60, 0xa7, 0xe8, 0x86, 0xbb,
0xc5, 0x6c, 0xc3, 0xd1, 0xdc, 0xbe, 0xff, 0x17, 0x5d, 0x6c, 0x8b, 0x4e, 0x0a, 0xa2, 0x59, 0x95, 0x96, 0x67, 0xf8, 0xf7, 0xe1, 0x04, 0x5f, 0x1d, 0x8b, 0x2f, 0x1a, 0xe2, 0x45, 0x53, 0x4b, 0xba,
0x8b, 0x9b, 0x12, 0xc3, 0x2b, 0xd0, 0xaa, 0x63, 0x68, 0x81, 0x6e, 0x38, 0x09, 0xa2, 0x78, 0x1c, 0x16, 0xa3, 0xf7, 0x30, 0x68, 0x63, 0xe4, 0xc0, 0x30, 0x9e, 0x45, 0x49, 0x3a, 0x8d, 0xc9, 0xe7,
0xe2, 0xbb, 0x70, 0x92, 0x58, 0x5f, 0xe0, 0x4f, 0x60, 0xfd, 0x9b, 0x25, 0xe3, 0x7b, 0x1c, 0x25, 0x78, 0x96, 0x39, 0x4f, 0xd0, 0x03, 0x38, 0x6f, 0x17, 0xd9, 0xf4, 0x0b, 0x49, 0xb2, 0x55, 0xbe,
0x8b, 0x74, 0x1e, 0xe2, 0xe8, 0x7a, 0x61, 0x69, 0xf0, 0x07, 0xf8, 0xfe, 0x41, 0xa3, 0xe9, 0x74, 0x8c, 0x49, 0xf2, 0x61, 0xe5, 0x18, 0xe8, 0x05, 0x3c, 0xff, 0x47, 0x93, 0xf9, 0x7c, 0x11, 0x3b,
0x16, 0x5a, 0xfa, 0xf0, 0x55, 0x03, 0xed, 0xa0, 0xde, 0x04, 0x1c, 0x81, 0x3e, 0xc9, 0x73, 0xfe, 0xe6, 0xe8, 0x8f, 0x01, 0x37, 0x51, 0x7b, 0x09, 0x34, 0x86, 0x7b, 0x5a, 0x96, 0xe2, 0x47, 0x5e,
0x94, 0x66, 0xa5, 0x64, 0x74, 0x23, 0x9a, 0x99, 0xbe, 0xe1, 0x5e, 0x4d, 0xa3, 0x3d, 0x84, 0x31, 0xd4, 0x8a, 0xb3, 0x9d, 0xec, 0x76, 0x7a, 0x46, 0xee, 0x5a, 0x9a, 0x1c, 0x21, 0x9a, 0xc0, 0xcb,
0x30, 0xe9, 0xc9, 0xdc, 0xba, 0x63, 0xb8, 0xa6, 0x8f, 0x3e, 0x37, 0x09, 0x3e, 0x2d, 0x01, 0x7f, 0xbe, 0x96, 0xb3, 0x62, 0xfb, 0x9d, 0x4b, 0xe5, 0x0e, 0x5a, 0xfd, 0xa1, 0xa7, 0x47, 0x5d, 0x0e,
0x01, 0x53, 0x32, 0xb1, 0x65, 0x22, 0x2d, 0x49, 0xd1, 0xec, 0xa6, 0x83, 0x41, 0x83, 0x26, 0xa4, 0xa5, 0x60, 0xb3, 0x8b, 0x6b, 0x99, 0x9e, 0xe5, 0xdb, 0x21, 0xfe, 0xbf, 0xfd, 0xc9, 0x65, 0x0b,
0x60, 0xf0, 0x37, 0xe8, 0x95, 0xec, 0x59, 0xa5, 0xf5, 0x5f, 0x51, 0x9e, 0xdb, 0x5f, 0x1d, 0xc3, 0xf4, 0x0a, 0x6c, 0xc5, 0xe5, 0x9e, 0xcb, 0xbc, 0xa6, 0x55, 0x77, 0xd1, 0x5b, 0x02, 0x1d, 0x9a,
0xed, 0xe0, 0x6e, 0x05, 0xe3, 0x3d, 0xfb, 0x8f, 0xc1, 0x88, 0xf2, 0xe2, 0xf2, 0x3b, 0x62, 0xed, 0xd1, 0x8a, 0xa3, 0xd7, 0x70, 0x57, 0xf3, 0x9f, 0x3a, 0x6f, 0x5f, 0x98, 0x89, 0xd2, 0x7d, 0xea,
0xc1, 0x50, 0xb9, 0x7c, 0xd1, 0x07, 0x73, 0x1f, 0x93, 0x1d, 0x0a, 0x2a, 0x35, 0x39, 0xaa, 0xd1, 0x59, 0xfe, 0x2d, 0x19, 0x36, 0x30, 0x3d, 0xb2, 0x77, 0x04, 0xc6, 0x4c, 0x54, 0xd7, 0xff, 0x23,
0x41, 0x4d, 0x72, 0xf9, 0xd8, 0xae, 0x3b, 0xfe, 0x79, 0x0f, 0x00, 0x00, 0xff, 0xff, 0x0b, 0xcd, 0x35, 0xbe, 0x5a, 0xba, 0x54, 0xbf, 0xcc, 0xc7, 0x65, 0x48, 0xe8, 0x01, 0x47, 0x8d, 0x9a, 0x9d,
0x2a, 0x68, 0x53, 0x02, 0x00, 0x00, 0xd5, 0xe4, 0xa4, 0x66, 0xa5, 0xfa, 0x76, 0xd3, 0x4e, 0x7c, 0xf3, 0x37, 0x00, 0x00, 0xff, 0xff,
0xd1, 0x3b, 0xdd, 0x37, 0x89, 0x02, 0x00, 0x00,
} }


@ -26,6 +26,9 @@ message Config {
// Whether or not to allow self-signed certificates. // Whether or not to allow self-signed certificates.
bool allow_insecure = 1; bool allow_insecure = 1;
// Whether or not to allow insecure cipher suites.
bool allow_insecure_ciphers = 5;
// List of certificates to be served on server. // List of certificates to be served on server.
repeated Certificate certificate = 2; repeated Certificate certificate = 2;