SagerNet/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-04-04 12:27:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

Migrate to stdlib ECH support

Browse source
This commit is contained in:
世界 2025-02-22 08:00:59 +08:00
parent 6a4ae71992
commit e56e6f9565
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
34 changed files with 667 additions and 897 deletions
Download patch file Download diff file Expand all files Collapse all files

38
docs/configuration/shared/tls.md
View file

@ -1,3 +1,12 @@
---
icon: material/alert-decagram
---
!!! quote "Changes in sing-box 1.12.0"
:material-delete-clock: [ech.pq_signature_schemes_enabled](#pq_signature_schemes_enabled)
:material-delete-clock: [ech.dynamic_record_sizing_disabled](#dynamic_record_sizing_disabled)
!!! quote "Changes in sing-box 1.10.0"
:material-alert-decagram: [utls](#utls)
@ -34,10 +43,13 @@
},
"ech": {
"enabled": false,
"pq_signature_schemes_enabled": false,
"dynamic_record_sizing_disabled": false,
"key": [],
"key_path": ""
"key_path": "",
// Deprecated
"pq_signature_schemes_enabled": false,
"dynamic_record_sizing_disabled": false
},
"reality": {
"enabled": false,
@ -72,10 +84,12 @@
"certificate_path": "",
"ech": {
"enabled": false,
"pq_signature_schemes_enabled": false,
"dynamic_record_sizing_disabled": false,
"config": [],
"config_path": ""
"config_path": "",
// Deprecated
"pq_signature_schemes_enabled": false,
"dynamic_record_sizing_disabled": false
},
"utls": {
"enabled": false,
@ -246,16 +260,22 @@ Chrome fingerprint will be used if empty.
ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
message.
The ECH key and configuration can be generated by `sing-box generate ech-keypair [--pq-signature-schemes-enabled]`.
The ECH key and configuration can be generated by `sing-box generate ech-keypair`.
#### pq_signature_schemes_enabled
!!! failure "Deprecated in sing-box 1.12.0"
ECH support has been migrated to use stdlib in sing-box 1.12.0, which does not come with support for PQ signature schemes, so `pq_signature_schemes_enabled` has been deprecated and no longer works.
Enable support for post-quantum peer certificate signature schemes.
It is recommended to match the parameters of `sing-box generate ech-keypair`.
#### dynamic_record_sizing_disabled
!!! failure "Deprecated in sing-box 1.12.0"
`dynamic_record_sizing_disabled` has nothing to do with ECH, was added by mistake, has been deprecated and no longer works.
Disables adaptive sizing of TLS records.
When true, the largest possible TLS record size is always used.