Shadow TLS

A proxy that exposes a real TLS handshake to the firewall.

It works like Trojan, but it does not require signing a certificate. The firewall will see a real TLS handshake with a valid certificate that you choose.

Run

Check the comments in docker-compose.yml.

How it Works

On the client side, just do a TLS handshake. The server has to relay data to the handshaking server, which provides the valid certificate, and parse the TLS handshake as it passes through. We need to know when the TLS handshake is finished. Once it is finished, we can relay data to our real server.
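
The server-side step of knowing when the relayed handshake is finished can be done at the TLS record layer. The following is an added example, not code from this project: it tracks one direction of a relayed stream and assumes a TLS 1.2-style flow, in which a ChangeCipherSpec record followed by one handshake record (the encrypted Finished) ends that side's handshake. The names RecordTracker, Phase and record are hypothetical, and the sample bytes are constructed.

```rust
// Added example (not ShadowTLS source). Assumes a TLS 1.2-style flow.
const CHANGE_CIPHER_SPEC: u8 = 20;
const HANDSHAKE: u8 = 22;
const HEADER_LEN: usize = 5; // type(1) + version(2) + length(2)
const MAX_RECORD_LEN: usize = (1 << 14) + 2048; // TLS 1.2 ciphertext limit

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Phase { Handshaking, SawCcs, Finished }

/// Tracks one direction of a relayed stream, record by record.
pub struct RecordTracker { buf: Vec<u8>, phase: Phase }

impl RecordTracker {
    pub fn new() -> Self { Self { buf: Vec::new(), phase: Phase::Handshaking } }
    /// Feed bytes as they arrive; chunks may split a record anywhere.
    pub fn feed(&mut self, data: &[u8]) -> Result<Phase, &'static str> {
        if self.phase == Phase::Finished { return Ok(self.phase); }
        self.buf.extend_from_slice(data);
        while self.phase != Phase::Finished && self.buf.len() >= HEADER_LEN {
            let (typ, major) = (self.buf[0], self.buf[1]);
            let len = u16::from_be_bytes([self.buf[3], self.buf[4]]) as usize;
            if !(20..=23).contains(&typ) || major != 3 || len > MAX_RECORD_LEN {
                return Err("not a TLS record");
            }
            if self.buf.len() < HEADER_LEN + len { break; } // wait for the rest
            self.phase = match (self.phase, typ) {
                (Phase::Handshaking, CHANGE_CIPHER_SPEC) => Phase::SawCcs,
                (Phase::SawCcs, HANDSHAKE) => Phase::Finished, // encrypted Finished
                (p, _) => p,
            };
            self.buf.drain(..HEADER_LEN + len);
        }
        Ok(self.phase)
    }
}

/// Constructed sample: a record header followed by `len` zero bytes.
pub fn record(typ: u8, len: u16) -> Vec<u8> {
    let mut r = vec![typ, 3, 3];
    r.extend_from_slice(&len.to_be_bytes());
    r.resize(HEADER_LEN + len as usize, 0);
    r
}

fn main() {
    // Constructed flight: ClientKeyExchange, ChangeCipherSpec, Finished.
    let flight = [record(22, 4), record(20, 1), record(22, 40)].concat();
    let mut t = RecordTracker::new();
    println!("{:?}", t.feed(&flight));
}
```

A relay would run one tracker per direction and switch to forwarding to the real server only after both report Finished. The same framing is visible to any passive monitor on the path.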

Note

This project relies on Monoio, a high-performance Rust async runtime built on io_uring. Monoio does not support Windows yet, so this project does not support Windows either.

However, if this project is used widely, we will support it through conditional compilation.