package tls import ( "context" "crypto/rand" "crypto/tls" "math/big" "time" "github.com/refraction-networking/uquic" utls "github.com/refraction-networking/utls" "github.com/xtls/xray-core/common/buf" "github.com/xtls/xray-core/common/net" ) type Interface interface { net.Conn HandshakeContext(ctx context.Context) error VerifyHostname(host string) error NegotiatedProtocol() string } var _ buf.Writer = (*Conn)(nil) var _ Interface = (*Conn)(nil) type Conn struct { *tls.Conn } const tlsCloseTimeout = 250 * time.Millisecond func (c *Conn) Close() error { timer := time.AfterFunc(tlsCloseTimeout, func() { c.Conn.NetConn().Close() }) defer timer.Stop() return c.Conn.Close() } func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error { mb = buf.Compact(mb) mb, err := buf.WriteMultiBuffer(c, mb) buf.ReleaseMulti(mb) return err } func (c *Conn) HandshakeAddressContext(ctx context.Context) net.Address { if err := c.HandshakeContext(ctx); err != nil { return nil } state := c.ConnectionState() if state.ServerName == "" { return nil } return net.ParseAddress(state.ServerName) } func (c *Conn) NegotiatedProtocol() string { state := c.ConnectionState() return state.NegotiatedProtocol } // Client initiates a TLS client handshake on the given connection. func Client(c net.Conn, config *tls.Config) net.Conn { tlsConn := tls.Client(c, config) return &Conn{Conn: tlsConn} } // Server initiates a TLS server handshake on the given connection. func Server(c net.Conn, config *tls.Config) net.Conn { tlsConn := tls.Server(c, config) return &Conn{Conn: tlsConn} } type UConn struct { *utls.UConn } var _ Interface = (*UConn)(nil) func (c *UConn) Close() error { timer := time.AfterFunc(tlsCloseTimeout, func() { c.Conn.NetConn().Close() }) defer timer.Stop() return c.Conn.Close() } func (c *UConn) HandshakeAddressContext(ctx context.Context) net.Address { if err := c.HandshakeContext(ctx); err != nil { return nil } state := c.ConnectionState() if state.ServerName == "" { return nil } return net.ParseAddress(state.ServerName) } // WebsocketHandshake basically calls UConn.Handshake inside it but it will only send // http/1.1 in its ALPN. func (c *UConn) WebsocketHandshakeContext(ctx context.Context) error { // Build the handshake state. This will apply every variable of the TLS of the // fingerprint in the UConn if err := c.BuildHandshakeState(); err != nil { return err } // Iterate over extensions and check for utls.ALPNExtension hasALPNExtension := false for _, extension := range c.Extensions { if alpn, ok := extension.(*utls.ALPNExtension); ok { hasALPNExtension = true alpn.AlpnProtocols = []string{"http/1.1"} break } } if !hasALPNExtension { // Append extension if doesn't exists c.Extensions = append(c.Extensions, &utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}}) } // Rebuild the client hello and do the handshake if err := c.BuildHandshakeState(); err != nil { return err } return c.HandshakeContext(ctx) } func (c *UConn) NegotiatedProtocol() string { state := c.ConnectionState() return state.NegotiatedProtocol } func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn { utlsConn := utls.UClient(c, CopyConfig(config), *fingerprint) return &UConn{UConn: utlsConn} } func CopyConfig(c *tls.Config) *utls.Config { return &utls.Config{ RootCAs: c.RootCAs, ServerName: c.ServerName, InsecureSkipVerify: c.InsecureSkipVerify, VerifyPeerCertificate: c.VerifyPeerCertificate, KeyLogWriter: c.KeyLogWriter, } } func init() { bigInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(ModernFingerprints)))) stopAt := int(bigInt.Int64()) i := 0 for _, v := range ModernFingerprints { if i == stopAt { PresetFingerprints["random"] = v break } i++ } bigInt, _ = rand.Int(rand.Reader, big.NewInt(int64(len(QuicAllFingerprints)))) stopAt = int(bigInt.Int64()) i = 0 for _, v := range QuicAllFingerprints { if i == stopAt { QuicPresetFingerprints["random"] = v break } i++ } weights := utls.DefaultWeights weights.TLSVersMax_Set_VersionTLS13 = 1 weights.FirstKeyShare_Set_CurveP256 = 0 randomized := utls.HelloRandomized randomized.Seed, _ = utls.NewPRNGSeed() randomized.Weights = &weights PresetFingerprints["randomized"] = &randomized } func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) { if name == "" { return } if fingerprint = PresetFingerprints[name]; fingerprint != nil { return } if fingerprint = ModernFingerprints[name]; fingerprint != nil { return } if fingerprint = OtherFingerprints[name]; fingerprint != nil { return } return } func GetQuicFingerprint(name string) (fingerprint *quic.QUICID) { if name == "" { return } if fingerprint = QuicPresetFingerprints[name]; fingerprint != nil { return } if fingerprint = QuicAllFingerprints[name]; fingerprint != nil { return } return } var QuicPresetFingerprints = map[string]*quic.QUICID { "chrome": &quic.QUICChrome_115, "firefox": &quic.QUICFirefox_116, "random": nil, } var QuicAllFingerprints = map[string]*quic.QUICID { "quicchrome_115": &quic.QUICChrome_115, "quicchrome_115_ipv4": &quic.QUICChrome_115_IPv4, "quicchrome_115_ipv6": &quic.QUICChrome_115_IPv6, "quicfirefox_116": &quic.QUICFirefox_116, "quicfirefox_116a": &quic.QUICFirefox_116A, "quicfirefox_116b": &quic.QUICFirefox_116B, "quicfirefox_116c": &quic.QUICFirefox_116C, } var PresetFingerprints = map[string]*utls.ClientHelloID{ // Recommended preset options in GUI clients "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, "safari": &utls.HelloSafari_Auto, "ios": &utls.HelloIOS_Auto, "android": &utls.HelloAndroid_11_OkHttp, "edge": &utls.HelloEdge_Auto, "360": &utls.Hello360_Auto, "qq": &utls.HelloQQ_Auto, "random": nil, "randomized": nil, } var ModernFingerprints = map[string]*utls.ClientHelloID{ // One of these will be chosen as `random` at startup "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, "hellofirefox_105": &utls.HelloFirefox_105, "hellochrome_83": &utls.HelloChrome_83, "hellochrome_87": &utls.HelloChrome_87, "hellochrome_96": &utls.HelloChrome_96, "hellochrome_100": &utls.HelloChrome_100, "hellochrome_102": &utls.HelloChrome_102, "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, "helloios_13": &utls.HelloIOS_13, "helloios_14": &utls.HelloIOS_14, "helloedge_85": &utls.HelloEdge_85, "helloedge_106": &utls.HelloEdge_106, "hellosafari_16_0": &utls.HelloSafari_16_0, "hello360_11_0": &utls.Hello360_11_0, "helloqq_11_1": &utls.HelloQQ_11_1, } var OtherFingerprints = map[string]*utls.ClientHelloID{ // Golang, randomized, auto, and fingerprints that are too old "hellogolang": &utls.HelloGolang, "hellorandomized": &utls.HelloRandomized, "hellorandomizedalpn": &utls.HelloRandomizedALPN, "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, "hellofirefox_auto": &utls.HelloFirefox_Auto, "hellofirefox_55": &utls.HelloFirefox_55, "hellofirefox_56": &utls.HelloFirefox_56, "hellofirefox_63": &utls.HelloFirefox_63, "hellofirefox_65": &utls.HelloFirefox_65, "hellochrome_auto": &utls.HelloChrome_Auto, "hellochrome_58": &utls.HelloChrome_58, "hellochrome_62": &utls.HelloChrome_62, "hellochrome_70": &utls.HelloChrome_70, "hellochrome_72": &utls.HelloChrome_72, "helloios_auto": &utls.HelloIOS_Auto, "helloios_11_1": &utls.HelloIOS_11_1, "helloios_12_1": &utls.HelloIOS_12_1, "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, "helloedge_auto": &utls.HelloEdge_Auto, "hellosafari_auto": &utls.HelloSafari_Auto, "hello360_auto": &utls.Hello360_Auto, "hello360_7_5": &utls.Hello360_7_5, "helloqq_auto": &utls.HelloQQ_Auto, }