Check OpenSSL version for SNI/TLS 1.3/alpn

Vladimir Dubrovin 2026-04-14 17:36:35 +03:00
parent 454f5e1d54
commit 4c0e3a1bac
2 changed files with 11 additions and 3 deletions


@ -140,7 +140,8 @@ sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist
### 1. General ### 1. General
- IPv6 support for incoming and outgoing connection, can be used as a proxy between IPv4 and IPv6 networks in either direction - IPv4 / IPv6 support for incoming and outgoing connection, can be used as a proxy between IPv4 and IPv6 networks in either direction
- Unix domain sockets support
- HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support - HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support
- HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY) - HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY)
- Anonymous and random client IP emulation for HTTP proxy mode - Anonymous and random client IP emulation for HTTP proxy mode
@ -153,7 +154,7 @@ sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist
- SOCKSv5 UDP and BIND support (fully compatible with SocksCAP/FreeCAP for UDP) - SOCKSv5 UDP and BIND support (fully compatible with SocksCAP/FreeCAP for UDP)
- Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP - Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP
- SNI proxy (based on TLS hostname) - SNI proxy (based on TLS hostname)
- TLS (SSL) server - may be used as https:// type proxy - TLS (SSL) server and client, 3proxy may be used as https:// type proxy or stunnel replacement
- POP3 Proxy - POP3 Proxy
- FTP proxy - FTP proxy
- TCP port mapper (port forwarding) - TCP port mapper (port forwarding)


@ -274,8 +274,9 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config,
*errSSL = getSSLErr(); *errSSL = getSSLErr();
return NULL; return NULL;
} }
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL
if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname); if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname);
#endif
do { do {
struct pollfd fds[1] = {{}}; struct pollfd fds[1] = {{}};
@ -520,7 +521,9 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version); if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version);
if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version); if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version);
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list); if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites); if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
#endif
if(config->server_verify){ if(config->server_verify){
if(config->server_ca_file || config->server_ca_dir){ if(config->server_ca_file || config->server_ca_dir){
SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir); SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir);
@ -672,8 +675,12 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version); if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version);
if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version); if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version);
if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list); if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list);
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites); if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10200000L
if(sc->client_alpn_protos.protos_len)SSL_CTX_set_alpn_protos(sc->srv_ctx, sc->client_alpn_protos.protos, sc->client_alpn_protos.protos_len); if(sc->client_alpn_protos.protos_len)SSL_CTX_set_alpn_protos(sc->srv_ctx, sc->client_alpn_protos.protos, sc->client_alpn_protos.protos_len);
#endif
if(sc->client_verify){ if(sc->client_verify){
if(sc->client_ca_file || sc->client_ca_dir){ if(sc->client_ca_file || sc->client_ca_dir){
SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir); SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir);
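Review bot: The ALPN guard added in ssl_filter_open, `#if OPENSSL_VERSION_NUMBER >= 0x10200000L`, looks like a digit slip. OpenSSL encodes versions as 0xMNNFFPPS, so 1.0.2 (the release that introduced SSL_CTX_set_alpn_protos) is 0x10002000L, while 0x10200000L is above every 1.1.x value (1.1.1 is 0x1010100fL). As written, a build against 1.0.2 or 1.1.x compiles the call out and a configured `client_alpn_protos` is silently ignored; the guard should read `#if OPENSSL_VERSION_NUMBER >= 0x10002000L`. More generally, all three new guards (SNI in ssl_handshake_to_server, ciphersuites in ssl_cli_ctx and here) drop a configured TLS option without any diagnostic, so an `#else` branch that logs or rejects the option would stop an operator from assuming a restriction is in force when it is not. The enclosing functions start and end outside the hunks shown.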