bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2025-02-23 02:25:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
758 Commits 4 Branches 29 Tags 2.5 MiB
013d4bc333
Commit Graph

758 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vladimir Dubrovin
013d4bc333 tlspr (SNI proxy) implemented 
Options -cN - level of TLS check
default - allow non-TLS traffic
1 - require TLS, only check client HELLO packet
2 - require TLS, check both client and server HELLO
3 - require TLS, check server send certificate (not compatible with TLS 1.3)
4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
-P - default port

examples:

1.
tlspr -p1443 -P443 -c1
(port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host

2.
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * * CONNECT
parent 1000 tls 0.0.0.0 0
deny * * some.not.allowed.host
allow *
socks

attempts to take destination hostname from SNI in SOCKS
 2024-05-20 13:01:38 +03:00
Vladimir Dubrovin
29ef226b3c Обновлена документация 2024-03-10 17:01:54 +03:00
Vladimir Dubrovin
d347f0a058 More TLS commands added, ssl_srvkey / ssl_srvfile renamed 
ssl_server_cert - certificate for SSL server (rename from ssl_srvkey)
ssl_server_key - key for ssl_server_cert of generated mirm certificate (renamed from ssl_srvkey)
ssl_server_ca_file - CA file for mitm
ssl_server_ca_key - key for mitm CA
ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
ssl_certcache is not optional, if ssl_server_ca_file / ssl_server_ca_key are configured
 2024-03-10 16:20:42 +03:00
Vladimir Dubrovin
a316622a85 Added multiple TLS configuration parameters for SSLPlugin 
ssl_client_ciphersuites - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
ssl_server_ciphersuites - TLS server ciphers for TLS 1.3
ssl_client_cipher_list - TLS client ciphers for TLS 1.2 and below , e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_server_cipher_list - TLS server ciphers for TLS 1.2 and below
ssl_client_min_proto_version - TLS client min TLS version (e.g. TLSv1.2)
ssl_server_min_proto_version - TLS server min TLS version (e.g. TLSv1.2)
ssl_client_max_proto_version - TLS client max TLS version (e.g. TLSv1.2)
ssl_server_max_proto_version - TLS server max TLS version (e.g. TLSv1.2)
ssl_client_verify - verify certificate for upstream server in TLS client functionality
ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
 2024-03-10 13:36:40 +03:00
Vladimir Dubrovin
d87241c487 Keep TLS server context 2024-03-09 18:37:44 +03:00
Vladimir Dubrovin
144af547fb Keep TLS client context between requests 2024-03-09 16:23:03 +03:00
Vladimir Dubrovin
35d1de6f5e Ffix use-after-free in freeparam 2024-02-22 17:30:50 +03:00
Vladimir Dubrovin
a592f07783 Update SSLPlugin documentation 2024-02-19 00:13:08 +03:00
Vladimir Dubrovin
161cbbd452 fix crash on insufficient memory 2024-02-18 23:54:31 +03:00
Vladimir Dubrovin
067fdd7f95 support ssl_serv / ssl_noserv commands 
example:
plugin /path/to/SSLPlugin.so ssl_plugin
ssl_srvcert path_to_cert
ssl_srvkey path_to_key
ssl_serv
proxy -p33128
ssl_noserv
proxy -p3128
 2024-02-18 23:42:09 +03:00
Vladimir Dubrovin
d77e528847 minor fixes 2024-02-18 20:18:31 +03:00
Vladimir Dubrovin
2b4d8e67e4 Do not store CA cert subject 2024-02-18 19:53:35 +03:00
Vladimir Dubrovin
375e3a74d0 call local socket function 2024-02-18 19:41:45 +03:00
Vladimir Dubrovin
6dc145b16b initial commit to TLS refactoring 2024-02-18 19:07:09 +03:00
Vladimir Dubrovin
d162ad5c38 Fix windows issues 2024-02-17 18:53:58 +03:00
Vladimir Dubrovin
8198db8617 adding state to socket functions 2024-02-17 17:31:25 +03:00
Vladimir Dubrovin
d83c1f47f8 Rollback commit in the wrong branch 2024-02-17 13:18:14 +03:00
Vladimir Dubrovin
20a929ca53 Add per-service sockfuncs 2024-02-17 12:57:36 +03:00
Vladimir Dubrovin
a80bef9ecf
Merge pull request #978 from tautschnig/fix-decls 
Fix plugin declarations of hashindex and nametohash
 2023-10-11 17:00:48 +03:00
Michael Tautschnig
687ebafb1b Fix plugin declarations of hashindex and nametohash 
Plugins using these would fail to provide the required arguments.
 2023-10-11 10:00:47 +00:00
Vladimir Dubrovin
5e2b2a399e clean up warnings 2023-07-13 15:29:26 +03:00
Vladimir Dubrovin
5f341806b7 Deadloc on traffcount fixed 2023-07-13 13:13:36 +03:00
Vladimir Dubrovin
00513a7d28 eliminate redundant code in previous fix 2023-07-12 17:21:46 +03:00
Vladimir Dubrovin
dc7e098e6b Support request filters for SOCKS, support broken BIND request from some clients 2023-07-12 15:55:50 +03:00
Vladimir Dubrovin
8b57982a09 Fix FreeBSD install 2023-06-10 12:22:59 +03:00
Vladimir Dubrovin
cebb45c095 Fix FreeBSD install secrion 2023-06-01 11:42:16 +03:00
Vladimir Dubrovin
13979b5df4 Allow hostnames in parent 2023-04-26 15:05:47 +03:00
Vladimir Dubrovin
782878b5b4 Fix github links 2023-04-26 15:04:24 +03:00
Vladimir Dubrovin
6532163f01 Fix connlim issues 2023-04-26 15:04:00 +03:00
Vladimir Dubrovin
862405bdfd set linger close to setsockopt 2022-12-23 17:58:15 +03:00
Vladimir Dubrovin
c716c67da2
Merge pull request #840 from DanWin/increase-listen-backlog 
Add backlog configuration
 2022-11-08 19:51:40 +03:00
Daniel Winzen
b94e1fc01f
Few more changes 2022-11-08 16:02:47 +01:00
Daniel Winzen
cc0fd518bd
Incorporate feedback from z3APA3A 2022-11-08 15:42:04 +01:00
Daniel Winzen
9a6908e623
Add backlog config option 2022-11-08 15:04:19 +01:00
Daniel Winzen
65e57a251d
Clarify use of maxconn in man page 2022-11-08 13:25:05 +01:00
Daniel Winzen
25c375a78a
Increase backlog of listening sockets to match maxconn 2022-11-03 23:24:25 +01:00
Vladimir Dubrovin
a22e2be77b
Merge pull request #838 from DanWin/linux-tcp-fastopen 
Add support for TCP_FASTOPEN_CONNECT and TCP_FASTOPEN socket options
 2022-11-02 10:57:40 +03:00
Daniel Winzen
8a160dd188
Add support for TCP_FASTOPEN_CONNECT and TCP_FASTOPEN socket options (linux) 2022-11-01 20:11:26 +01:00
Vladimir Dubrovin
fb56b7d307 "auto" command added 2022-10-18 17:58:52 +03:00
Vladimir Dubrovin
5165a4d5bd prevent use-after-free in smtpp 2022-08-31 14:34:48 +03:00
Vladimir Dubrovin
bac19c9ae6 Close service only after config mutex unlocked on reload 2022-08-12 19:18:52 +03:00
Vladimir Dubrovin
c98621aeef Always select between IPV6_BOUND_IF and IP_BOUND_IF 2022-06-29 10:35:17 +03:00
Vladimir Dubrovin
3dc698eccd Fix compilation issues 2022-06-29 10:18:36 +03:00
Vladimir Dubrovin
c1beceb24b Support IP_BOUND_IF on MacOS 2022-06-28 12:50:48 +03:00
Vladimir Dubrovin
4ad05d1565 add handleredirect() to symbols 2022-06-24 10:44:28 +03:00
Vladimir Dubrovin
55d1bbe155 Grace delay feature added 
`proxy -g8000,3,10`

First parameter is average read size we want to keep, second parameter is
minimal number of packets in the same direction to apply algorythm,
last value is delay added after polling and prior to reading data.
An example above adds 10 millisecond delay before reading data if average
polling size is below 8000 bytes and 3 read operations are made in the same
direction. It's specially usefule with splice. `logdump 1 1` is useful
to see how grace delays work, choose delay value to avoid filling the read
pipe/buffer (typically 64K) but keep the request sizes close to chosen average
on large file upload/download.
 2022-05-19 18:51:02 +03:00
Vladimir Dubrovin
8a8622b30f FIX: SSLPlugin for tcppm 2022-05-19 15:42:18 +03:00
Vladimir Dubrovin
1cf169b7ae FIX: SSLPlugin with SOCKS 2022-05-19 13:26:52 +03:00
Vladimir Dubrovin
d20e76bbc9 FIX: SSLPlugin with http proxy 2022-05-19 11:49:19 +03:00
Vladimir Dubrovin
468124f55c Fix SSLPlugin with HTTP proxy 2022-05-18 18:14:24 +03:00