Could you make a tls-plugin?
ygcaicn opened this issue · 3 comments
Could you make a tls-plugin?
The plugin only wrap the shadowsocks packages in https packages
In this case, cooperate with haproxy on the server side, haproxy handles tls unpacking, and then passes it to ss-server, it should be able to obtain higher performance than v2ray-plugin.
Thanks!
Could you make a tls-plugin?
The plugin only wrap the shadowsocks packages in https packages
In this case, cooperate with haproxy on the server side, haproxy handles tls unpacking, and then passes it to ss-server, it should be able to obtain higher performance than v2ray-plugin.
Thanks!
TLS unpacking can be handled by other web services like Apache or Nginx.
On the server side, both v2ray and ss-libev can be connected to those services through websocket.
They tend to be very efficient. Not sure what exactly are you looking for.
Could you make a tls-plugin?
The plugin only wrap the shadowsocks packages in https packages
In this case, cooperate with haproxy on the server side, haproxy handles tls unpacking, and then passes it to ss-server, it should be able to obtain higher performance than v2ray-plugin.
Thanks!TLS unpacking can be handled by other web services like Apache or Nginx.
On the server side, both v2ray and ss-libev can be connected to those services through websocket.
They tend to be very efficient. Not sure what exactly are you looking for.
I don't want the tls over ws over shadowsocks, I want the tls strictly over shadowsocks. On the server side, using ws, Nginx works at the HTTP layer to distribute. But what I want is to use haproxy to shunt at the tcp layer, similar to V2ray's shunt https://guide.v2fly.org/advanced/tcp_tls_shunt_proxy.html
haproxy
listen: 0.0.0.0:443
vhosts:
- name: example.com
tlsoffloading: true
managedcert: true
alpn: h2,http/1.1
protocols: tls12,tls13
http:
handler: fileServer
args: /var/www/html
default:
handler: proxyPass
args: 127.0.0.1:40001
shadowsocks server works on 40001.
But I don't have a suitable client plugin to make it work.
Oh. I see what you are trying to say......
Basically, what you want is not to use https, instead, TLS only....
That makes no sense at all.
TLS is for encryption. A TLS package by itself has very high entropy. Which can be targeted by GFW.
This whole idea is to trick GFW to consider your traffic as a normal internet browsing traffic.
What you did is merely a double layer encryption.... Since xchacha is already good enough, why bother adding another layer....
I think we can close this. You misunderstand the purpose of this project.