Xray-core
Xray-core copied to clipboard
使用 Xray-core进行Http代理时,会导致ECH(Encrypted Client Hello)无法使用。
配置如下的路由信息,确保所有链接都是直连:
[ { "port": "0-65535", "inboundTag": [], "outboundTag": "direct", "enabled": true } ]
在浏览器设置好xray-core的http代理地址:
并配置好设置开启ECH后,访问如下ECH测试网站:
https://tls-ech.dev/ https://defo.ie/ech-check.php
结果都显示没有使用ECH,不知道为何过了一到手后就没法使用ECH了?
完整配置:
{
"policy": {
"system": {
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [
{
"tag": "socks",
"port": 10808,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
}
},
{
"tag": "http",
"port": 10809,
"listen": "127.0.0.1",
"protocol": "http",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
}
},
{
"tag": "socks2",
"port": 10810,
"listen": "0.0.0.0",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
}
},
{
"tag": "http2",
"port": 10811,
"listen": "0.0.0.0",
"protocol": "http",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"allowTransparent": false
}
},
{
"tag": "api",
"port": 63597,
"listen": "127.0.0.1",
"protocol": "dokodemo-door",
"settings": {
"udp": false,
"address": "127.0.0.1",
"allowTransparent": false
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
// 隐藏
]
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
// 隐藏
}
}
},
"mux": {
"enabled": true,
"concurrency": 8
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
}
],
"stats": {},
"api": {
"tag": "api",
"services": [
"StatsService"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"domainMatcher": "mph",
"rules": [
{
"type": "field",
"inboundTag": [
"api"
],
"outboundTag": "api",
"enabled": true
},
{
"type": "field",
"port": "0-65535",
"inboundTag": [],
"outboundTag": "direct",
"enabled": true
}
]
}
}
Possible Solution
ECH 的原理是把 server hello 里的信息 提前到 dns 这一步发给 client 也就是说 client 必须自己处理 dns 才能生效