Could you make a tls-plugin?

Question

Could you make a tls-plugin?

ygcaicn opened this issue 4 years ago · 3 comments

The plugin only wrap the shadowsocks packages in https packages

In this case, cooperate with haproxy on the server side, haproxy handles tls unpacking, and then passes it to ss-server, it should be able to obtain higher performance than v2ray-plugin.
Thanks!

Answer 1 · 2020-06-16T11:00:38.000Z

Could you make a tls-plugin?

The plugin only wrap the shadowsocks packages in https packages

In this case, cooperate with haproxy on the server side, haproxy handles tls unpacking, and then passes it to ss-server, it should be able to obtain higher performance than v2ray-plugin.
Thanks!

TLS unpacking can be handled by other web services like Apache or Nginx.
On the server side, both v2ray and ss-libev can be connected to those services through websocket.
They tend to be very efficient. Not sure what exactly are you looking for.

Answer 2 · 2020-06-16T15:46:37.000Z

Could you make a tls-plugin?
The plugin only wrap the shadowsocks packages in https packages
In this case, cooperate with haproxy on the server side, haproxy handles tls unpacking, and then passes it to ss-server, it should be able to obtain higher performance than v2ray-plugin.
Thanks!

TLS unpacking can be handled by other web services like Apache or Nginx.
On the server side, both v2ray and ss-libev can be connected to those services through websocket.
They tend to be very efficient. Not sure what exactly are you looking for.

I don't want the tls over ws over shadowsocks, I want the tls strictly over shadowsocks. On the server side, using ws, Nginx works at the HTTP layer to distribute. But what I want is to use haproxy to shunt at the tcp layer, similar to V2ray's shunt https://guide.v2fly.org/advanced/tcp_tls_shunt_proxy.html

haproxy

listen: 0.0.0.0:443
vhosts:
  - name: example.com
    tlsoffloading: true
    managedcert: true
    alpn: h2,http/1.1
    protocols: tls12,tls13
    http:
      handler: fileServer
      args: /var/www/html
    default:
      handler: proxyPass
      args: 127.0.0.1:40001

shadowsocks server works on 40001.

But I don't have a suitable client plugin to make it work.

Answer 3 · 2020-06-16T16:23:29.000Z

Oh. I see what you are trying to say......

Basically, what you want is not to use https, instead, TLS only....
That makes no sense at all.
TLS is for encryption. A TLS package by itself has very high entropy. Which can be targeted by GFW.

This whole idea is to trick GFW to consider your traffic as a normal internet browsing traffic.

What you did is merely a double layer encryption.... Since xchacha is already good enough, why bother adding another layer....

I think we can close this. You misunderstand the purpose of this project.