
mTLS mutual authentication

Open yuguanching opened this issue 2 years ago • 1 comments

I'd like to ask everyone: does xray currently allow configuring mutual TLS authentication for vless + tls outbound, or when accessing DNS?

yuguanching avatar Jan 09 '23 09:01 yuguanching

usage https://xtls.github.io/config/transport.html#tlsobject

xqzr avatar Jan 09 '23 14:01 xqzr

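Yes, I had already read that section. Until now, when tlsSettings had certificates set, it was always for configuring an inbound node "when xray acts as the server".

So if I now want to do mutual TLS authentication,

should the certificates of tlsSettings be set in the outbound "where xray acts as the client"? So far I have not found a precedent for such a configuration, and my own attempts have not produced any effect either.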

yuguanching avatar Jan 10 '23 01:01 yuguanching

Configure the CA certificate in the client's outbound and set usage to verify.

HeXis-YS avatar Jan 12 '23 15:01 HeXis-YS

"tlsSettings": {
          "certificates": [
            {
              "certificate": [
                "-----BEGIN CERTIFICATE-----",
                "...",
                "-----END CERTIFICATE-----"
              ],
              "usage": "verify"
            }
          ]
}

We set this in the client, though we think it is single-direction certification, not bidirectional. @nekohasekai thank you

cross-hello avatar Jan 12 '23 15:01 cross-hello

certificates is array

xqzr avatar Jan 13 '23 13:01 xqzr
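
The difference the thread is circling, one-way verification versus mutual TLS, shown with Go's standard `crypto/tls` as an added example; it is not Xray-core code and not from any participant. It assumes that a client-side CA with `"usage": "verify"` plays the role of `RootCAs` here; the names `issue`, `serverVerdict`, `ca.test`, `xray.test` and `client.test` are constructed, and the certificates are throwaway ones generated in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net"
	"time"
)

// issue makes a throwaway cert: a self-signed CA when ca is nil, else a leaf signed by ca.
func issue(cn string, ca *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	parent, signer := tpl, any(key)
	if ca == nil {
		tpl.IsCA, tpl.KeyUsage = true, tpl.KeyUsage|x509.KeyUsageCertSign
	} else {
		parent, signer = ca.Leaf, ca.PrivateKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverVerdict returns the handshake result seen by a server that requires client certificates.
func serverVerdict(clientPresentsCert bool) error {
	ca, pool := issue("ca.test", nil), x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	server := &tls.Config{Certificates: []tls.Certificate{issue("xray.test", &ca)},
		ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}
	client := &tls.Config{RootCAs: pool, ServerName: "xray.test"} // CA only: verifies the server
	if clientPresentsCert {
		client.Certificates = []tls.Certificate{issue("client.test", &ca)} // client identity
	}
	c, s := net.Pipe() // in-memory connection, no network needed
	defer s.Close()
	go func() { io.Copy(io.Discard, tls.Client(c, client)); c.Close() }() // client handshake + drain
	return tls.Server(s, server).Handshake()
}

func main() { println(serverVerdict(false) != nil, serverVerdict(true) == nil) }
```

A client that holds only the CA authenticates the server but is rejected by a server demanding a client certificate; the handshake becomes mutual only when the client also presents its own certificate and key and the server is set to require and verify it.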