ihc童鞋@提不起劲
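Tried it and it does work. Add the Shadowsocks plugin and fill in the corresponding configuration as usual; for the plugin select shadow-tls, leave the address and port empty, select version 2, and fill in the password and Host (the Host must match the server-side configuration; write only the domain name, without the port). For setting up the server side, see https://github.com/ihciah/shadow-tls/wiki/Run-with-docker-compose
(But when I tried it, the performance was a bit worrying; it can't even reach 1M, so it feels like there is a bug)
Try choosing a handshake server that is nearby.
I mean an overseas server. You can measure the latency on the server with ping (simple) or curl (more precise).
The total latency is round trips × (latency from you to the server + latency from the server to the handshake server). By choosing a handshake server closer to your server, you can cut part of that latency as far as possible; switching to a handshake server that supports TLS 1.3 reduces the number of round trips and also lowers latency considerably. TLS support can be tested with the openssl command-line tool.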
If it works, I think you can just ignore the warning. After a glance at shadowsocks-rust, it seems the warning (or error) comes from [here](https://github.com/shadowsocks/shadowsocks-rust/blob/master/crates/shadowsocks/src/relay/tcprelay/aead_2022.rs#L303). I believe this is a problem...
And as I mentioned in my blog [article](https://www.ihcblog.com/a-better-tls-obfs-proxy/), trojan-go misuses `read` too ([code link](https://github.com/p4gefau1t/trojan-go/blob/master/tunnel/trojan/server.go#L65)). In most cases it works, but in fact you cannot assume that.
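The point about `read` above, as an added Go example that is not code from trojan-go, shadow-tls or the commenter: a single `Read` on a stream may return fewer bytes than the buffer holds, while `io.ReadFull` loops until the fixed-size header is complete or fails. The 16-byte header, the in-memory pipe and all function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net"
)

// headerLen is a hypothetical fixed header size chosen for this example.
const headerLen = 16

// sendChunks writes each chunk with its own Write call and then closes,
// imitating a peer whose header arrives in several TCP segments.
func sendChunks(w net.Conn, chunks ...[]byte) {
	defer w.Close()
	for _, c := range chunks {
		if _, err := w.Write(c); err != nil {
			return // reader went away; nothing more to send
		}
	}
}

// readOnce is the fragile pattern: one Read call, assumed to fill the buffer.
func readOnce(r io.Reader) (int, error) {
	return r.Read(make([]byte, headerLen))
}

// readHeader loops until headerLen bytes arrive; a peer that closes early
// yields io.ErrUnexpectedEOF instead of a silently short header.
func readHeader(r io.Reader) (int, error) {
	return io.ReadFull(r, make([]byte, headerLen))
}

// demo feeds the chunks through an unbuffered in-memory pipe and reads them
// with either the single Read (full=false) or io.ReadFull (full=true).
func demo(full bool, chunks ...[]byte) (int, error) {
	client, server := net.Pipe()
	defer server.Close()
	go sendChunks(client, chunks...)
	if full {
		return readHeader(server)
	}
	return readOnce(server)
}

func main() {
	h := []byte("0123456789abcdef")        // constructed 16-byte header
	fmt.Println(demo(false, h[:5], h[5:])) // single Read sees only the first chunk
	fmt.Println(demo(true, h[:5], h[5:]))  // ReadFull collects both chunks
	fmt.Println(demo(true, h[:5]))         // truncated header is reported as an error
}
```
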
> It's not a bug. This behavior is mandated by the Shadowsocks 2022 spec: https://github.com/Shadowsocks-NET/shadowsocks-specs/blob/main/2022-1-shadowsocks-2022-edition.md#313-detection-prevention This is absolutely fine if the underlying transport is dataframe; or, still using tcp but...
Ok I see. > After a short write, linux kernel will keep the data for a very short while, and waiting for more data to make it more efficient. If...
In theory it is possible to make it work. In my implementation I only make sure read and write to shadow-tls server not have data length characteristic to defend active...