// Source: github.com/xmplusdev/xmcore@v1.8.11-0.20240412132628-5518b55526af/transport/internet/tls/config.proto
//
// TLS transport settings. Every field number and name below is part of the
// wire / generated-code contract; only comments may be changed freely.
syntax = "proto3";

package xray.transport.internet.tls;
option csharp_namespace = "Xray.Transport.Internet.Tls";
option go_package = "github.com/xmplusdev/xmcore/transport/internet/tls";
option java_package = "com.xray.transport.internet.tls";
option java_multiple_files = true;

// One certificate entry. The material can be given inline (`certificate`,
// `key`) or by file path (`certificate_path`, `key_path`).
// NOTE(review): which source wins when both are set is not visible in this
// file - confirm in the loader.
message Certificate {
  // TLS certificate in x509 format.
  // NOTE(review): the encoding (PEM vs. DER) is not stated here - confirm.
  bytes certificate = 1;

  // TLS key in x509 format.
  // NOTE(review): X.509 describes certificates, not keys; presumably this is
  // the private key belonging to `certificate`, in an encoding this file does
  // not state - confirm. If so, any serialized or logged copy of this message
  // contains secret key material and should be handled as a secret.
  bytes key = 2;

  // Role of this certificate entry.
  // The zero value (ENCIPHERMENT) is what a reader sees when `usage` is unset.
  // NOTE(review): the meanings below are inferred from the value names only;
  // confirm against the consuming code.
  enum Usage {
    // Presumably: presented as the endpoint's own certificate.
    ENCIPHERMENT = 0;
    // Presumably: used as a trust anchor when verifying a peer.
    AUTHORITY_VERIFY = 1;
    // Presumably: used as a CA to issue certificates, which would require the
    // CA private key in `key` / `key_path` - confirm and protect accordingly.
    AUTHORITY_ISSUE = 2;
  }

  // How this entry is used; defaults to ENCIPHERMENT (0) when unset.
  Usage usage = 3;

  // OCSP stapling setting.
  // NOTE(review): unit and meaning of the number (e.g. a refresh interval, and
  // what 0 means) are not stated in this file - TODO confirm.
  uint64 ocsp_stapling = 4;

  // TLS certificate path
  string certificate_path = 5;

  // TLS Key path
  // The referenced file should be readable only by the account running the
  // service.
  string key_path = 6;

  // If true, one-Time Loading
  // NOTE(review): presumably "read the files at the paths above once instead
  // of reloading them" - confirm. The field name is not lower_snake_case; it
  // is left unchanged because the default JSON name is derived from it.
  bool One_time_loading = 7;
}

// TLS settings for one endpoint. The comments below describe both
// server-side fields (certificates to serve) and client-side fields (server
// name override, pinning).
message Config {
  // Whether or not to allow self-signed certificates.
  // NOTE(review): confirm exactly which checks are skipped when this is true.
  // If it disables chain and host name validation altogether, this comment
  // understates the effect and the flag should stay false outside testing.
  bool allow_insecure = 1;

  // List of certificates to be served on server.
  repeated Certificate certificate = 2;

  // Override server name.
  // NOTE(review): presumably the name sent as SNI and checked against the
  // peer certificate - confirm.
  string server_name = 3;

  // Lists of string as ALPN values.
  repeated string next_protocol = 4;

  // Whether or not to enable session (ticket) resumption.
  bool enable_session_resumption = 5;

  // If true, root certificates on the system will not be loaded for
  // verification.
  bool disable_system_root = 6;

  // The minimum TLS version.
  // NOTE(review): the accepted strings are not listed here; confirm that an
  // empty or unrecognised value cannot silently lower the minimum version.
  string min_version = 7;

  // The maximum TLS version.
  // NOTE(review): accepted strings are not listed here - confirm.
  string max_version = 8;

  // Specify cipher suites, except for TLS 1.3.
  // NOTE(review): a single string; the separator and the suite-name format
  // are not stated in this file - confirm.
  string cipher_suites = 9;

  // Whether the server selects its most preferred ciphersuite.
  bool prefer_server_cipher_suites = 10;

  // TLS Client Hello fingerprint (uTLS).
  string fingerprint = 11;

  // Undocumented in the original file.
  // NOTE(review): presumably makes a server refuse handshakes whose SNI
  // matches none of the configured certificates - confirm.
  bool reject_unknown_sni = 12;

  // Reviewer notes for the two pinning fields below:
  // - Both are `repeated bytes`, so several pins can be configured.
  //   NOTE(review): presumably each entry is a raw 32-byte SHA-256 digest
  //   (not hex text) and a match on any entry is accepted - confirm.
  // - NOTE(review): "replaces allow_insecure" is the author's wording; confirm
  //   how a configured pin interacts with allow_insecure and with ordinary
  //   chain validation, and that an entry of the wrong length is rejected
  //   rather than ignored.

  /* @Document A pinned certificate chain sha256 hash.
     @Document If the server's hash does not match this value, the connection will be aborted.
     @Document This value replaces allow_insecure.
     @Critical
  */
  repeated bytes pinned_peer_certificate_chain_sha256 = 13;

  /* @Document A pinned certificate public key sha256 hash.
     @Document If the server's public key hash does not match this value, the connection will be aborted.
     @Document This value replaces allow_insecure.
     @Critical
  */
  repeated bytes pinned_peer_certificate_public_key_sha256 = 14;

  // Undocumented in the original file.
  // NOTE(review): the name suggests a file path to which TLS session secrets
  // are written (a key log for debugging) - confirm. If so, anyone able to
  // read that file can decrypt recorded sessions; keep it empty in production
  // and restrict access to the file wherever it is enabled.
  string master_key_log = 15;
}