V3 Protocol
ihc童鞋@提不起劲 edited this page Mar 9, 2023 · 8 revisions
Unstable now. Protocol and implementation may change.
V3 protocol is designed to:
- Defend against traffic hijacking
- Provide better traffic camouflage
- Be easier to implement correctly

It is not designed to:
- Encrypt traffic
- Provide forward security
You must use a release after v0.2.14. Download the newest release or run `docker-compose pull`.
If enabled, it must be enabled on both sides.
- For command line users, add the `--v3` parameter.
- For docker users, add the `V3=1` environment variable.
Note: V3 protocol will be enabled by default in the next major version (but you will still be able to use v2 by adding `--v2`).
Limitation: V3 protocol only supports handshake servers with TLS1.3. Use `openssl s_client -tls1_3 -connect example.com:443` to check if TLS1.3 is supported.
- mp.weixin.qq.com
- coding.net
- upyun.com
- sns-video-hw.xhscdn.com
- sns-img-qc.xhscdn.com
- sns-video-qn.xhscdn.com
- p9-dy.byteimg.com
- p6-dy.byteimg.com
- feishu.cn
- douyin.com
- toutiao.com
- v6-dy-y.ixigua.com
- hls3-akm.douyucdn.cn
- publicassets.cdn-apple.com
- weather-data.apple.com
- ...
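The `openssl` check above needs a live connection. On the wire, a TLS1.3 ServerHello still carries `legacy_version` 0x0303, and the version actually selected sits in the `supported_versions` extension (RFC 8446). The following is an added example, not shadow-tls code: it parses a ServerHello record to tell TLS1.3 from TLS1.2, uses constructed sample records, and assumes the whole ServerHello fits in one TLS record.

```python
import struct

EXT_SUPPORTED_VERSIONS = 0x002B  # RFC 8446, section 4.2.1
TLS13 = 0x0304

def server_hello_version(record: bytes) -> int:
    """Return the TLS version selected by the ServerHello in one TLS record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) < max(rec_len, 4) or body[0] != 0x02:
        raise ValueError("truncated record or not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < hs_len:  # assumption: ServerHello is not split across records
        raise ValueError("truncated ServerHello")
    try:
        (legacy_version,) = struct.unpack("!H", hello[0:2])
        pos = 2 + 32              # skip legacy_version and random
        pos += 1 + hello[pos]     # skip legacy_session_id_echo
        pos += 2 + 1              # skip cipher_suite and compression method
        if pos == len(hello):     # no extensions block: TLS1.2 or older
            return legacy_version
        (ext_total,) = struct.unpack("!H", hello[pos:pos + 2])
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
                return struct.unpack("!H", hello[pos + 4:pos + 6])[0]
            pos += 4 + ext_len
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ServerHello") from exc
    return legacy_version         # no supported_versions: TLS1.2 or older

def is_tls13(record: bytes) -> bool:
    return server_hello_version(record) == TLS13

def build_server_hello(cipher: bytes, extensions: bytes) -> bytes:
    """Constructed sample record (zeroed random, empty session id), not a capture."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + cipher + b"\x00"
    hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# supported_versions selecting 0x0304, versus a TLS1.2 hello with renegotiation_info only
TLS13_HELLO = build_server_hello(b"\x13\x01", b"\x00\x2b\x00\x02\x03\x04")
TLS12_HELLO = build_server_hello(b"\xc0\x2f", b"\xff\x01\x00\x01\x00")
```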
Versions | V1 | V2 | V3(loosy) | V3(strict) |
---|---|---|---|---|
TLS Handshake | ✅ | ✅ | ✅ | ✅ |
TLS Traffic Encapsulation | ❌ | ✅ | ✅ | ✅ |
TLS Alert | ❌ | ❌ | ✅ | ✅ |
Traffic Integrity Check | ❌ | ❌ | ✅ | ✅ |
Server Auth | ❌ | ✅ | ✅ | ✅ |
Client Auth | ❌ | ❌ | ✅ | ✅ |
Anti Replay | ✅ | ✅ | ✅ | ✅ |
Anti Active Detection | ❌ | ✅ | ✅ | ✅ |
Anti Hijacking | ❌ | ❌ | ❓* | ✅ |
Support TLS1.2 Handshake Server | ✅ | ✅ | ✅ | ❌ |
Support TLS1.3 Handshake Server | ✅ | ✅ | ✅ | ✅ |
*V3 loosy mode can defend against hijacking only when used with a TLS1.3 handshake server.