2020-11-25 11:01:53 +00:00
|
|
|
syntax = "proto3";
|
|
|
|
|
|
|
|
package xray.transport.internet.tls;
|
|
|
|
option csharp_namespace = "Xray.Transport.Internet.Tls";
|
2020-12-04 01:36:16 +00:00
|
|
|
option go_package = "github.com/xtls/xray-core/transport/internet/tls";
|
2020-11-25 11:01:53 +00:00
|
|
|
option java_package = "com.xray.transport.internet.tls";
|
|
|
|
option java_multiple_files = true;
|
|
|
|
|
|
|
|
message Certificate {
|
|
|
|
// TLS certificate in x509 format.
|
2020-12-25 15:10:12 +00:00
|
|
|
bytes certificate = 1;
|
2020-11-25 11:01:53 +00:00
|
|
|
|
|
|
|
// TLS key in x509 format.
|
2020-12-25 15:10:12 +00:00
|
|
|
bytes key = 2;
|
2020-11-25 11:01:53 +00:00
|
|
|
|
|
|
|
enum Usage {
|
|
|
|
ENCIPHERMENT = 0;
|
|
|
|
AUTHORITY_VERIFY = 1;
|
|
|
|
AUTHORITY_ISSUE = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
Usage usage = 3;
|
2020-12-25 08:01:20 +00:00
|
|
|
|
2021-02-20 02:15:57 +00:00
|
|
|
uint64 ocsp_stapling = 4;
|
2021-02-12 15:33:19 +00:00
|
|
|
|
|
|
|
// TLS certificate path
|
|
|
|
string certificate_path = 5;
|
|
|
|
|
|
|
|
// TLS Key path
|
|
|
|
string key_path = 6;
|
2021-02-20 02:15:57 +00:00
|
|
|
|
|
|
|
// If true, one-Time Loading
|
|
|
|
bool One_time_loading = 7;
|
2020-11-25 11:01:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
message Config {
|
|
|
|
// Whether or not to allow self-signed certificates.
|
|
|
|
bool allow_insecure = 1;
|
|
|
|
|
|
|
|
// List of certificates to be served on server.
|
|
|
|
repeated Certificate certificate = 2;
|
|
|
|
|
|
|
|
// Override server name.
|
|
|
|
string server_name = 3;
|
|
|
|
|
|
|
|
// Lists of string as ALPN values.
|
|
|
|
repeated string next_protocol = 4;
|
|
|
|
|
2021-01-01 11:33:09 +00:00
|
|
|
// Whether or not to enable session (ticket) resumption.
|
|
|
|
bool enable_session_resumption = 5;
|
2020-11-25 11:01:53 +00:00
|
|
|
|
|
|
|
// If true, root certificates on the system will not be loaded for
|
|
|
|
// verification.
|
2020-12-16 15:59:04 +00:00
|
|
|
bool disable_system_root = 6;
|
2020-12-16 05:20:24 +00:00
|
|
|
|
2020-12-16 08:50:18 +00:00
|
|
|
// The minimum TLS version.
|
2020-12-16 15:59:04 +00:00
|
|
|
string min_version = 7;
|
|
|
|
|
|
|
|
// The maximum TLS version.
|
|
|
|
string max_version = 8;
|
2020-12-16 12:53:55 +00:00
|
|
|
|
2020-12-16 15:59:04 +00:00
|
|
|
// Specify cipher suites, except for TLS 1.3.
|
2020-12-16 12:53:55 +00:00
|
|
|
string cipher_suites = 9;
|
|
|
|
|
2020-12-16 15:59:04 +00:00
|
|
|
// Whether the server selects its most preferred ciphersuite.
|
2024-04-13 05:29:34 +00:00
|
|
|
// Deprecated: crypto/tls has ignored this field.
|
|
|
|
bool prefer_server_cipher_suites = 10 [deprecated = true];
|
2021-03-29 10:08:29 +00:00
|
|
|
|
|
|
|
// TLS Client Hello fingerprint (uTLS).
|
|
|
|
string fingerprint = 11;
|
2021-05-09 15:47:21 +00:00
|
|
|
|
|
|
|
bool reject_unknown_sni = 12;
|
2021-10-22 04:04:06 +00:00
|
|
|
|
|
|
|
/* @Document A pinned certificate chain sha256 hash.
|
|
|
|
@Document If the server's hash does not match this value, the connection will be aborted.
|
|
|
|
@Document This value replace allow_insecure.
|
|
|
|
@Critical
|
|
|
|
*/
|
|
|
|
repeated bytes pinned_peer_certificate_chain_sha256 = 13;
|
2023-02-17 08:01:24 +00:00
|
|
|
|
|
|
|
/* @Document A pinned certificate public key sha256 hash.
|
|
|
|
@Document If the server's public key hash does not match this value, the connection will be aborted.
|
|
|
|
@Document This value replace allow_insecure.
|
|
|
|
@Critical
|
|
|
|
*/
|
|
|
|
repeated bytes pinned_peer_certificate_public_key_sha256 = 14;
|
2023-11-27 15:08:34 +00:00
|
|
|
|
|
|
|
string master_key_log = 15;
|
2020-11-25 11:01:53 +00:00
|
|
|
}
|