v2ray体验tls1.3

[lgcde]

根据惯例， Go 1.12 的发布时间将会是 2019.02~03. 如果期间你实在想用 Go 编程测试 TLS 1.3, 可以尝试使用 CloudFlare 的 tls-tris 库。根据 Go net/http 标准库维护者 Brad Fitzpatrick 的消息，这个库将会被合并到标准库作为 Go 官方 TLS 1.3 的实现。信息来源
golang/go@c21ba09

安装bazel
sudo apt-get -y install openjdk-8-jdk
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list
curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
sudo apt-get update && sudo apt-get -y install bazel

编译安装golang(master)
mkdir -p /go_master/gopath && cd /go_master
snap install go --classic
git clone https://go.googlesource.com/go
cd go
git checkout master
cd src
./all.bash

成功编译后，加入到PATH环境变量
echo "
export PATH=/go_master/go/bin/:$PATH
export GOROOT=/go_master/go
export GOPATH=/go_master/gopath
" >> /etc/profile
source /etc/profile

执行go version，检查安装情况,应该会出现提示:go version devel +22dbc96d8a Tue Nov 27 09:26:16 2018 +0000 linux/amd64

拉取 V2Ray 源代码
go get -u v2ray.com/core/...
go get -u v2ray.com/ext/...

修改本地文件 /go_master/gopath/src/v2ray.com/core/transport/internet/tls/config.go

v2ray-core/transport/internet/tls/config.go

Line 157 in 096bbd2

if !c.AllowInsecureCiphers && len(config.CipherSuites) == 0 {

这段修改为以下内容:
config.CipherSuites = []uint16{
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_AES_128_GCM_SHA256,
}

编译
cd $GOPATH/src/v2ray.com/core
bazel build --action_env=GOPATH=$GOPATH --action_env=PATH=$PATH //release:v2ray_linux_amd64_package
cd $GOPATH/src/v2ray.com/core
bazel build --action_env=GOPATH=$GOPATH --action_env=PATH=$PATH //release:v2ray_windows_amd64_package

查找release压缩包路径 find / -name v2ray-*

编译其他平台版本参考:
配置开发环境
https://github.com/v2ray/v2ray-core/blob/e24c1fd02aa2f02b8fc5c2580b589098eb5c6016/release/BUILD

[lgcde]

附caddy+tls1.3
caddyserver/caddy#2080 (comment)

[Balnea]

待会去试试！！希望官方版本也尽快更新！

[cjjdaq]

有没有简单一点的办法,编译go时间太久了...

[LsnmxNB]

@lgcde tls1.3 协议实际速度能比TCP比吗

[Cwek]

@lgcde tls1.3 协议实际速度能比TCP比吗

TLS承载于TCP之上，你说呢？小白，先把计算机网络基础看一遍再说话吧。

[Cwek]

有没有简单一点的办法,编译go时间太久了...

编译是很费时的，找台好些的机器进行编译。我试过编译Linux内核，也要花半天时间。

[LsnmxNB]

@Cwek 大白你这么牛逼，给小白上上课啊

[wswaw]

@LsnmxNB 淡定淡定~人不能咬🐶啊

[LsnmxNB]

@wswaw 小弟淡定得很，哈哈

[gamefunc]

@lgcde tls1.3 协议实际速度能比TCP比吗

你这问题就如同在问迅雷比TCP快吗一样.一个是应用层的一个事传输层的...你得自己去补OSI或者TCP/IP模型的课.不然发言会让人感觉莫名其妙

[Cwek]

@lgcde tls1.3 协议实际速度能比TCP比吗

你这问题就如同在问迅雷比TCP快吗一样.一个是应用层的一个事传输层的...你得自己去补OSI或者TCP/IP模型的课.不然发言会让人感觉莫名其妙

就是这样了。

@LsnmxNB @wswaw
当然淡定呢，蠢到只🐷。😅

[LsnmxNB]

@Cwek 顶你个肺，你只7头

[SAPikachu]

使用 Docker 编译会比较简单：

git clone https://github.com/v2ray/v2ray-core.git
cd v2ray-core
git checkout v4.9.0

# ... 按照原帖方法编辑 transport/internet/tls/config.go  ...

docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp -v $PWD/.gopath:/go -e GOPATH=/go golang:1.12-rc-stretch bash -c 'go get -u v2ray.com/core/... && go get -u v2ray.com/ext/... && go build -o $GOPATH/bin/v2ray v2ray.com/core/main && go build -o $GOPATH/bin/v2ctl v2ray.com/ext/tools/control/main'
./.gopath/bin/v2ray --version
./.gopath/bin/v2ctl

[Yaspee]

@cjjdaq

有没有简单一点的办法,编译go时间太久了...

golang 现已释出 go1.12beta1 的二进制文件
见 https://golang.org/dl/ 页面最下方

[Scyllaly]

期待释放支持tls1.3版本

[winds365]

根据惯例， Go 1.12 的发布时间将会是 2019.02~03. 如果期间你实在想用 Go 编程测试 TLS 1.3, 可以尝试使用 CloudFlare 的 tls-tris 库。根据 Go net/http 标准库维护者 Brad Fitzpatrick 的消息，这个库将会被合并到标准库作为 Go 官方 TLS 1.3 的实现。信息来源
golang/go@c21ba09

安装bazel
sudo apt-get -y install openjdk-8-jdk
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list
curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
sudo apt-get update && sudo apt-get -y install bazel

编译安装golang(master)
mkdir -p /go_master/gopath && cd /go_master
snap install go --classic
git clone https://go.googlesource.com/go
cd go
git checkout master
cd src
./all.bash

成功编译后，加入到PATH环境变量
echo "
export PATH=/go_master/go/bin/:$PATH
export GOROOT=/go_master/go
export GOPATH=/go_master/gopath
" >> /etc/profile
source /etc/profile

执行go version，检查安装情况,应该会出现提示:go version devel +22dbc96d8a Tue Nov 27 09:26:16 2018 +0000 linux/amd64

拉取 V2Ray 源代码
go get -u v2ray.com/core/...
go get -u v2ray.com/ext/...

修改本地文件 /go_master/gopath/src/v2ray.com/core/transport/internet/tls/config.go
v2ray-core/transport/internet/tls/config.go

Line 157 in 096bbd2

if !c.AllowInsecureCiphers && len(config.CipherSuites) == 0 {
这段修改为以下内容:
config.CipherSuites = []uint16{
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_AES_128_GCM_SHA256,
}
编译
cd $GOPATH/src/v2ray.com/core
bazel build --action_env=GOPATH=$GOPATH --action_env=PATH=$PATH //release:v2ray_linux_amd64_package
cd $GOPATH/src/v2ray.com/core
bazel build --action_env=GOPATH=$GOPATH --action_env=PATH=$PATH //release:v2ray_windows_amd64_package

查找release压缩包路径 find / -name v2ray-*

编译其他平台版本参考:
配置开发环境
https://github.com/v2ray/v2ray-core/blob/e24c1fd02aa2f02b8fc5c2580b589098eb5c6016/release/BUILD

我直接用go1.12beta1编译出错
用go1.11.4编译没修改config.go文件的可以成功编译

`[root@localhost core]# bazel build --verbose_failures --action_env=GOPATH=$GOPATH --action_env=PATH=$PATH //release:v2ray_linux_amd64_package
Starting local Bazel server and connecting to it...
INFO: Invocation ID: 61f8ce13-95cc-4c88-9569-d4d9c1cc05b5
INFO: Analysed target //release:v2ray_linux_amd64_package (6 packages loaded, 36 targets configured).
INFO: Found 1 target...
ERROR: /go_master/gopath/src/v2ray.com/core/main/BUILD:8:1: error executing shell command: '/bin/bash -c CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOROOT_FINAL=/go go build -o bazel-out/k8-fastbuild/bin/main/linux/amd64/v2ray -compiler gc -gcflags "all=-trimpath=${GOPATH}/src" -asmflags "all=...' failed (Exit 1) bash failed: error executing command
(cd /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/execroot/v2ray_core &&
exec env -
GOPATH=/go_master/gopath
PATH=/go_master/go/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/go_master/go/bin:/go_master/go1.12/bin:/go_master/go/bin
/bin/bash -c 'CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOROOT_FINAL=/go go build -o bazel-out/k8-fastbuild/bin/main/linux/amd64/v2ray -compiler gc -gcflags "all=-trimpath=${GOPATH}/src" -asmflags "all=-trimpath=${GOPATH}/src" -ldflags '''-s -w''' v2ray.com/core/main')
Execution platform: @bazel_tools//platforms:host_platform

Use --sandbox_debug to see verbose messages from the sandbox: bash failed: error executing command
(cd /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/execroot/v2ray_core &&
exec env -
GOPATH=/go_master/gopath
PATH=/go_master/go/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/go_master/go/bin:/go_master/go1.12/bin:/go_master/go/bin
/bin/bash -c 'CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOROOT_FINAL=/go go build -o bazel-out/k8-fastbuild/bin/main/linux/amd64/v2ray -compiler gc -gcflags "all=-trimpath=${GOPATH}/src" -asmflags "all=-trimpath=${GOPATH}/src" -ldflags '''-s -w''' v2ray.com/core/main')
Execution platform: @bazel_tools//platforms:host_platform

Use --sandbox_debug to see verbose messages from the sandbox
build cache is required, but could not be located: GOCACHE is not defined and neither $XDG_CACHE_HOME nor $HOME are defined
Target //release:v2ray_linux_amd64_package failed to build
INFO: Elapsed time: 3.178s, Critical Path: 0.26s
INFO: 0 processes.
FAILED: Build did NOT complete successfully
`

[root@localhost core]# bazel build --sandbox_debug --action_env=GOPATH=$GOPATH --action_env=PATH=$PATH //release:v2ray_linux_amd64_package INFO: Invocation ID: 26762335-2164-4864-8e76-f4e126e8a354 INFO: Analysed target //release:v2ray_linux_amd64_package (0 packages loaded, 0 targets configured). INFO: Found 1 target... ERROR: /go_master/gopath/src/v2ray.com/core/main/BUILD:8:1: error executing shell command: '/bin/bash -c CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOROOT_FINAL=/go go build -o bazel-out/k8-fastbuild/bin/main/linux/amd64/v2ray -compiler gc -gcflags "all=-trimpath=${GOPATH}/src" -asmflags "all=...' failed (Exit 1) linux-sandbox failed: error executing command (cd /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/execroot/v2ray_core && \ exec env - \ GOPATH=/go_master/gopath \ PATH=/go_master/go/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/go_master/go/bin:/go_master/go1.12/bin:/go_master/go/bin \ TMPDIR=/tmp \ /root/.cache/bazel/_bazel_root/install/17a7d97356d8ab04cd9e43533c4f9876/_embedded_binaries/linux-sandbox -t 15 -w /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/sandbox/linux-sandbox/1/execroot/v2ray_core -w /tmp -w /dev/shm -D -- /bin/bash -c 'CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOROOT_FINAL=/go go build -o bazel-out/k8-fastbuild/bin/main/linux/amd64/v2ray -compiler gc -gcflags "all=-trimpath=${GOPATH}/src" -asmflags "all=-trimpath=${GOPATH}/src" -ldflags '\''-s -w'\'' v2ray.com/core/main') src/main/tools/linux-sandbox.cc:154: linux-sandbox-pid1 has PID 3842 src/main/tools/linux-sandbox-pid1.cc:175: working dir: /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/sandbox/linux-sandbox/1/execroot/v2ray_core src/main/tools/linux-sandbox-pid1.cc:194: writable: /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/sandbox/linux-sandbox/1/execroot/v2ray_core src/main/tools/linux-sandbox-pid1.cc:194: writable: /tmp src/main/tools/linux-sandbox-pid1.cc:194: writable: /dev/shm src/main/tools/linux-sandbox-pid1.cc:265: remount ro: / src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /dev src/main/tools/linux-sandbox-pid1.cc:265: remount rw: /dev/shm src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /dev/pts src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /dev/mqueue src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /dev/hugepages src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /proc src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /proc/sys/fs/binfmt_misc src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /proc/sys/fs/binfmt_misc src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/kernel/security src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/systemd src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/cpuset src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/net_cls,net_prio src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/freezer src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/cpu,cpuacct src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/memory src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/blkio src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/perf_event src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/devices src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/pids src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/hugetlb src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/cgroup/rdma src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/pstore src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/kernel/config src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/fs/selinux src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/kernel/debug src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /sys/kernel/debug/tracing src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /run src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /run/user/0 src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /home src/main/tools/linux-sandbox-pid1.cc:265: remount ro: /boot src/main/tools/linux-sandbox-pid1.cc:265: remount rw: /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/sandbox/linux-sandbox/1/execroot/v2ray_core src/main/tools/linux-sandbox-pid1.cc:265: remount rw: /root/.cache/bazel/_bazel_root/da16e3a13c05f18c6118a0b02d0bc904/sandbox/linux-sandbox/1/execroot/v2ray_core src/main/tools/linux-sandbox-pid1.cc:265: remount rw: /tmp src/main/tools/linux-sandbox-pid1.cc:265: remount rw: /dev/shm src/main/tools/process-tools.cc:118: sigaction(32, &sa, nullptr) failed src/main/tools/process-tools.cc:118: sigaction(33, &sa, nullptr) failed build cache is required, but could not be located: GOCACHE is not defined and neither $XDG_CACHE_HOME nor $HOME are defined src/main/tools/linux-sandbox-pid1.cc:437: waitpid returned 2 src/main/tools/linux-sandbox-pid1.cc:457: child exited with code 1 src/main/tools/linux-sandbox.cc:204: child exited normally with exitcode 1 Target //release:v2ray_linux_amd64_package failed to build Use --verbose_failures to see the command lines of failed build steps. INFO: Elapsed time: 0.444s, Critical Path: 0.23s INFO: 0 processes. FAILED: Build did NOT complete successfully

[kotori2]

刚才试了下，最新的v2ray并不能使用TLS 1.3，官方release编译环境是Go 1.12.0，查了下RFC发现

   Although TLS 1.3 uses the same cipher suite space as previous
   versions of TLS, TLS 1.3 cipher suites are defined differently, only
   specifying the symmetric ciphers, and cannot be used for TLS 1.2.
   Similarly, cipher suites for TLS 1.2 and lower cannot be used with
   TLS 1.3.

然后TLS 1.3支持的加密套件只有

              +------------------------------+-------------+
              | Description                  | Value       |
              +------------------------------+-------------+
              | TLS_AES_128_GCM_SHA256       | {0x13,0x01} |
              |                              |             |
              | TLS_AES_256_GCM_SHA384       | {0x13,0x02} |
              |                              |             |
              | TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} |
              |                              |             |
              | TLS_AES_128_CCM_SHA256       | {0x13,0x04} |
              |                              |             |
              | TLS_AES_128_CCM_8_SHA256     | {0x13,0x05} |
              +------------------------------+-------------+

等一个v2ray追加吧（烧纸.jpg

[kslr]

TLS1.3 已经在4.18.1支持，有精力的朋友可以帮助测试一下。