v1.7.2 vision流控无法使用ss的2022-blake3-aes-256-gcm中转

Question

v1.7.2 vision流控无法使用ss的2022-blake3-aes-256-gcm中转

kmb21y66 opened this issue 2 years ago · comments

所有服务端客户端版本均为v1.7.2
配置情况类似#1403
检查过配置文件，中转机和落地机流控均为xtls-rprx-vision，中转机入站的shadowsocks在使用chacha20-ietf-poly1305中转时正常，而使用2022-blake3-aes-256-gcm时无法访问网页
测试中转机使用2022-blake3-aes-256-gcm时不进行中转而是直连时网页访问正常
客户端日志：

[Info] [1682512687] proxy/socks: TCP Connect request to tcp:ip.skk.moe:443
[Info] [1682512687] app/dispatcher: sniffed domain: ip.skk.moe
tcp:127.0.0.1:64301 accepted tcp:ip.skk.moe:443 [socks -> proxy]
[Info] [1682512687] app/dispatcher: taking detour [proxy] for [tcp:ip.skk.moe:443]
[Info] [1682512687] proxy/shadowsocks_2022: tunneling request to tcp:ip.skk.moe:443 via xxx
[Info] [1682512687] transport/internet/tcp: dialing TCP to tcp:xxx
[Debug] transport/internet: dialing to tcp:xxx
[Info] [1682512687] app/proxyman/outbound: failed to process outbound traffic > download: cipher: message authentication failed | upload: EOF
[Info] [1682512687] app/proxyman/inbound: connection ends > proxy/socks: connection ends > proxy/socks: failed to transport all TCP response > io: read/write on closed pipe

中转机日志：

[Info] [3046467828] proxy/shadowsocks_2022: tunnelling request to tcp:ip.skk.moe:443
[Info] [3046467828] app/dispatcher: taking detour [aaaa] for [tcp:ip.skk.moe:443]
[Info] [3046467828] transport/internet/tcp: dialing TCP to tcp:yyy:443
[Info] [3046467828] proxy/vless/outbound: tunneling request to tcp:ip.skk.moe:443 via yyy:443
[Info] [3046467828] proxy/vless/encoding: XtlsFilterTls found tls client hello! 547
[Info] [3046467828] proxy/vless/encoding: XtlsPadding 547 818 0
[Info] [3046467828] proxy/vless/encoding: Xtls Unpadding new block0 16 content 212 padding 1108 0
[Info] [3046467828] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 212 TLS_AES_128_GCM_SHA256
[Info] [3046467828] proxy/vless/encoding: XtlsPadding 64 890 0
[Info] [3046467828] proxy/vless/encoding: XtlsPadding 98 818 2
[Info] [3046467828] proxy/vless/encoding: XtlsWrite writeV 1 1880 0
[Info] [3046467828] proxy/vless/encoding: Xtls Unpadding new block0 0 content 521 padding 737 2
[Info] [3046467828] proxy/vless/encoding: XtlsRead splice
[Info] [3046467828] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to transfer response payload > readfrom tcp xxx->zzz: splice: broken pipe

落地机日志：

[Info] [1453989842] proxy/vless/inbound: firstLen = 1186
[Info] [1453989842] proxy/vless/inbound: received request for tcp:ip.skk.moe:443
[Info] [1453989842] proxy/vless/encoding: Xtls Unpadding new block0 16 content 547 padding 818 0
[Info] [1453989842] proxy/vless/encoding: XtlsFilterTls found tls client hello! 547
[Info] [1453989842] app/dispatcher: sniffed domain: ip.skk.moe
[Info] [1453989842] app/dispatcher: taking detour [direct] for [tcp:ip.skk.moe:443]
[Info] [1453989842] proxy/freedom: opening connection to tcp:ip.skk.moe:443
[Info] [1453989842] transport/internet/tcp: dialing TCP to tcp:ip.skk.moe:443
[Info] [1453989842] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 212 TLS_AES_128_GCM_SHA256
[Info] [1453989842] proxy/vless/encoding: XtlsPadding 212 1108 0
[Info] [1453989842] proxy/vless/encoding: Xtls Unpadding new block0 0 content 64 padding 890 0
[Info] [1453989842] proxy/vless/encoding: Xtls Unpadding new block0 0 content 98 padding 818 2
[Info] [1453989842] proxy/vless/encoding: XtlsRead readV
[Info] [1453989842] proxy/vless/encoding: XtlsPadding 521 737 2
[Info] [1453989842] proxy/vless/encoding: XtlsWrite writeV 0 1263 0

Nanyu · Answer 1 · Sun Jan 08 2023 21:34:05 GMT+0800 (China Standard Time)

could golang specify TLS 1.3 cipher suit?
#1484 (comment)
From information contained in the jumping url, it is not supported by golang by now.

Nanyu · Answer 2 · Sun Jan 08 2023 21:37:20 GMT+0800 (China Standard Time)

Golang officially will support tls1.3 cipher suit configuration if TLS 1.3 ecosystem request explicitly, which has not happened until now.

kmb21y66 · Answer 3 · Sun Jan 08 2023 21:52:04 GMT+0800 (China Standard Time)

Golang officially will support tls1.3 cipher suit configuration if TLS 1.3 ecosystem request explicitly, which has not happened until now.

这里描述的chacha20-ietf-poly1305并不是xtls的加密套件，而是中转机入站shadowsocks的加密方式，中转机出站以及落地机入站vless的tlsSettings里的cipherSuites没有指定

Nanyu · Answer 4 · Sun Jan 08 2023 21:56:04 GMT+0800 (China Standard Time)

😅( it is good time to play transparent straw man. You can't see us, you can't see. You must tell yourself. ) Jan 8, 2023 21:52:15 kmb21y66 ***@***.***>:

…

Golang officially will support tls1.3 cipher suit configuration if TLS 1.3 ecosystem request explicitly, which has not happened until now. 这里描述的chacha20-ietf-poly1305并不是xtls的加密套件，而是中转机入站shadowsocks的加密方式，中转机出站以及落地机入站vless的tlsSettings里的cipherSuites没有指定 — Reply to this email directly, view it on GitHub[#1500 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYEOS4JTHNNG3NQG3DTWRLBA7ANCNFSM6AAAAAATUSFK4I]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYHMA3W6IJ5OROZBBUTWRLBA7A5CNFSM6AAAAAATUSFK4KWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSR6JVRY.gif]