Enable TLS 1.3 #1651
Enable TLS 1.3 #1651
Conversation
add environment variables to enable TLS 1.3 according to https://golang.org/pkg/crypto/tls/
1. add 3 TLS 1.3 specified ciphers. 2. prefer AES-128-GCM than CHACHA20-POLY1305 as Encryption. 3. prefer ECDSA than RSA as Key Exchange.
|
You should have submit 3 changes separately so that they can be discussed individually. You are setting tls13 environment variable from config.pb.go, which can be regenerated at any time. It is better to set it in a separate file, in a way that can be disabled. Can you provide justification for "Prefer AES-128-GCM-SHA256 as Encryption(+AEAD MAC) than CHACHA20-POLY1305" ? As for “Change GOCACHE to an absolute path /tmp to avoid failing the bazel building”, there are other PR addressing this. I recommend you to drop this from your PR so that discussions can be focus on other topic. |
The reason to give If CHACHA20 ciphersuites is the first option of the client, some TLS server (e.g. those use OpenSSL with Thus, Most of TLS Clients use AES-128-GCM-SHA256 -> CHACHA20-POLY1305 -> AES-256-GCM-SHA384 as the ciphersuites priority when running on a platform with AES instruction sets, this change is an enhancement on performance and makes the TLS of V2Ray more similar to a common one like Google Chrome or Mozilla Firefox. |
|
Should I close this PR and re-create one, keeps the change on tls13 ciphers only? It's my first PR, sorry for any inconvenient caused by me. |
This pull request including the following changes:
AES-128-GCM-SHA256as Encryption(+AEAD MAC) thanCHACHA20-POLY1305ECDSAthanRSAas Authentication in TLS 1.0 to TLS 1.2GOCACHEto an absolute path/tmpto avoid failing the bazel building (go1.12.3 编译v2ray 失败(GOCACHE is not an absolute path) #1643 fix #1643, fix v2ray/discussion#207. GOCACHE is not an absolute path #1650 )P.S.
Q. Why this account is registered recently
A. It's not my main account, it's a mitigation of privacy compromising.