mirror of
https://github.com/SagerNet/sing-box.git
synced 2025-04-04 12:27:36 +03:00
Migrate to stdlib ECH support
This commit is contained in:
parent
6a4ae71992
commit
e56e6f9565
34 changed files with 667 additions and 897 deletions
|
@ -1,3 +1,12 @@
|
|||
---
|
||||
icon: material/alert-decagram
|
||||
---
|
||||
|
||||
!!! quote "Changes in sing-box 1.12.0"
|
||||
|
||||
:material-delete-clock: [ech.pq_signature_schemes_enabled](#pq_signature_schemes_enabled)
|
||||
:material-delete-clock: [ech.dynamic_record_sizing_disabled](#dynamic_record_sizing_disabled)
|
||||
|
||||
!!! quote "Changes in sing-box 1.10.0"
|
||||
|
||||
:material-alert-decagram: [utls](#utls)
|
||||
|
@ -34,10 +43,13 @@
|
|||
},
|
||||
"ech": {
|
||||
"enabled": false,
|
||||
"pq_signature_schemes_enabled": false,
|
||||
"dynamic_record_sizing_disabled": false,
|
||||
"key": [],
|
||||
"key_path": ""
|
||||
"key_path": "",
|
||||
|
||||
// Deprecated
|
||||
|
||||
"pq_signature_schemes_enabled": false,
|
||||
"dynamic_record_sizing_disabled": false
|
||||
},
|
||||
"reality": {
|
||||
"enabled": false,
|
||||
|
@ -72,10 +84,12 @@
|
|||
"certificate_path": "",
|
||||
"ech": {
|
||||
"enabled": false,
|
||||
"pq_signature_schemes_enabled": false,
|
||||
"dynamic_record_sizing_disabled": false,
|
||||
"config": [],
|
||||
"config_path": ""
|
||||
"config_path": "",
|
||||
|
||||
// Deprecated
|
||||
"pq_signature_schemes_enabled": false,
|
||||
"dynamic_record_sizing_disabled": false
|
||||
},
|
||||
"utls": {
|
||||
"enabled": false,
|
||||
|
@ -246,16 +260,22 @@ Chrome fingerprint will be used if empty.
|
|||
ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello
|
||||
message.
|
||||
|
||||
The ECH key and configuration can be generated by `sing-box generate ech-keypair [--pq-signature-schemes-enabled]`.
|
||||
The ECH key and configuration can be generated by `sing-box generate ech-keypair`.
|
||||
|
||||
#### pq_signature_schemes_enabled
|
||||
|
||||
!!! failure "Deprecated in sing-box 1.12.0"
|
||||
|
||||
ECH support has been migrated to use stdlib in sing-box 1.12.0, which does not come with support for PQ signature schemes, so `pq_signature_schemes_enabled` has been deprecated and no longer works.
|
||||
|
||||
Enable support for post-quantum peer certificate signature schemes.
|
||||
|
||||
It is recommended to match the parameters of `sing-box generate ech-keypair`.
|
||||
|
||||
#### dynamic_record_sizing_disabled
|
||||
|
||||
!!! failure "Deprecated in sing-box 1.12.0"
|
||||
|
||||
`dynamic_record_sizing_disabled` has nothing to do with ECH, was added by mistake, has been deprecated and no longer works.
|
||||
|
||||
Disables adaptive sizing of TLS records.
|
||||
|
||||
When true, the largest possible TLS record size is always used.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue