From 69771102ae7ffada7a95dbb4332330125d19d778 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=A3=8E=E6=89=87=E6=BB=91=E7=BF=94=E7=BF=BC?= Date: Fri, 4 Jul 2025 14:29:03 +0000 Subject: [PATCH] Command tls: Display Post-Quantum key exchange --- main/commands/all/tls/ping.go | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/main/commands/all/tls/ping.go b/main/commands/all/tls/ping.go index 7d0ea0d6..4c652e46 100644 --- a/main/commands/all/tls/ping.go +++ b/main/commands/all/tls/ping.go @@ -6,6 +6,8 @@ import ( "encoding/base64" "fmt" "net" + "reflect" + "unsafe" "github.com/xtls/xray-core/main/commands/base" . "github.com/xtls/xray-core/transport/internet/tls" @@ -65,7 +67,7 @@ func executePing(cmd *base.Command, args []string) { tlsConn := gotls.Client(tcpConn, &gotls.Config{ InsecureSkipVerify: true, NextProtos: []string{"http/1.1"}, - MaxVersion: gotls.VersionTLS12, + MaxVersion: gotls.VersionTLS13, MinVersion: gotls.VersionTLS12, // Do not release tool before v5's refactor // VerifyPeerCertificate: showCert(), @@ -75,6 +77,7 @@ func executePing(cmd *base.Command, args []string) { fmt.Println("Handshake failure: ", err) } else { fmt.Println("Handshake succeeded") + printTLSConnDetail(tlsConn) printCertificates(tlsConn.ConnectionState().PeerCertificates) } tlsConn.Close() @@ -90,7 +93,7 @@ func executePing(cmd *base.Command, args []string) { tlsConn := gotls.Client(tcpConn, &gotls.Config{ ServerName: domain, NextProtos: []string{"http/1.1"}, - MaxVersion: gotls.VersionTLS12, + MaxVersion: gotls.VersionTLS13, MinVersion: gotls.VersionTLS12, // Do not release tool before v5's refactor // VerifyPeerCertificate: showCert(), @@ -100,6 +103,7 @@ func executePing(cmd *base.Command, args []string) { fmt.Println("handshake failure: ", err) } else { fmt.Println("handshake succeeded") + printTLSConnDetail(tlsConn) printCertificates(tlsConn.ConnectionState().PeerCertificates) } tlsConn.Close() @@ -117,6 +121,24 @@ func printCertificates(certs []*x509.Certificate) { } } +func printTLSConnDetail(tlsConn *gotls.Conn) { + var tlsVersion string + if tlsConn.ConnectionState().Version == gotls.VersionTLS13 { + tlsVersion = "TLS 1.3" + } else if tlsConn.ConnectionState().Version == gotls.VersionTLS12 { + tlsVersion = "TLS 1.2" + } + fmt.Println("TLS Version:", tlsVersion) + p, _ := reflect.TypeOf(tlsConn).Elem().FieldByName("curveID") + curveID := (*gotls.CurveID)(unsafe.Pointer(uintptr(unsafe.Pointer(tlsConn)) + p.Offset)) + if curveID != nil { + PostQuantum := (*curveID == gotls.X25519MLKEM768) + fmt.Println("Post-Quantum key exchange:", PostQuantum, "("+curveID.String()+")") + } else { + fmt.Println("Post-Quantum key exchange: false (RSA Exchange)") + } +} + func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { hash := GenerateCertChainHash(rawCerts)