github.com/xmplusdev/xray-core@v1.8.10/transport/internet/tls/config.proto (about)

     1  syntax = "proto3";
     2  
        // Package for the TLS transport settings defined in this file
        // (the Certificate and Config messages).
     3  package xray.transport.internet.tls;
        // Namespaces and import paths used by generated code. Changing any of these
        // on a published schema breaks existing users of the generated code.
     4  option csharp_namespace = "Xray.Transport.Internet.Tls";
     5  option go_package = "github.com/xmplusdev/xray-core/transport/internet/tls";
     6  option java_package = "com.xray.transport.internet.tls";
     7  option java_multiple_files = true;
     8  
     9  message Certificate {
          // One certificate entry. It carries both inline fields (certificate, key)
          // and path fields (certificate_path, key_path).
          // NOTE(review): which source is used when both are set is not visible in
          // this file; confirm against the loader.
          // A serialized Certificate with `key` set contains private key material:
          // store and transmit it as a secret and keep it out of logs and dumps.

    10    // TLS certificate in x509 format.
          // NOTE(review): whether DER or PEM bytes are expected is not stated here.
    11    bytes certificate = 1;
    12  
    13    // TLS private key (original wording: "TLS key in x509 format").
          // NOTE(review): X.509 describes certificates, not private keys, so the
          // expected key encoding (for example a PEM-wrapped key) should be
          // confirmed against the loader. Secret material.
    14    bytes key = 2;
    15  
          // How this certificate entry is used. The meanings given on the values
          // below are inferred from their names; confirm against the consumer.
          // ENCIPHERMENT is the zero value, so an entry that leaves `usage` unset
          // cannot be told apart from one that sets ENCIPHERMENT explicitly.
    16    enum Usage {
            // Presumably: presented as this endpoint's own TLS certificate.
    17      ENCIPHERMENT = 0;
            // Presumably: trusted as an authority when verifying a peer's chain.
    18      AUTHORITY_VERIFY = 1;
            // Presumably: used as an authority to sign certificates. If so, the
            // authority's private key sits in `key` / `key_path`, and whoever can
            // read this config can mint certificates that authority vouches for.
    19      AUTHORITY_ISSUE = 2;
    20    }
    21  
          // Role of this entry; ENCIPHERMENT (0) when unset.
    22    Usage usage = 3;
    23  
          // OCSP stapling setting.
          // NOTE(review): looks like a refresh interval, but the unit and the
          // meaning of 0 are not stated in this file; confirm. With proto3 implicit
          // presence, 0 and "unset" are identical on the wire.
    24    uint64 ocsp_stapling = 4;
    25  
    26    // Path to the TLS certificate file.
    27    string certificate_path = 5;
    28  
    29    // Path to the TLS private key file. Only the path travels in the config;
          // the file itself should be readable only by the account that runs the
          // process.
    30    string key_path = 6;
    31  
    32    // If true, one-time loading.
          // NOTE(review): presumably the files at certificate_path / key_path are
          // read once and not re-read afterwards. If so, a certificate replaced or
          // revoked on disk stays in use until restart; confirm.
          // The name is not lower_snake_case; renaming it would change generated
          // accessors and the JSON name, so it is kept as is.
    33    bool One_time_loading = 7;
    34  }
    35  
    36  message Config {
          // TLS settings. Per the field comments, some fields apply when serving
          // (for example `certificate`) and some when verifying a server as a client
          // (for example the pinned_* fields).

    37    // Whether or not to allow self-signed certificates.
          // NOTE(review): the name is broader than "self-signed". If the consumer
          // maps this to skipping certificate verification altogether, a certificate
          // presented by any on-path party is accepted. Confirm the exact effect,
          // keep this false outside test setups, and use pinning (fields 13 / 14)
          // where a private or self-signed certificate has to be trusted.
    38    bool allow_insecure = 1;
    39  
    40    // List of certificates to be served on server.
          // Entries may carry private keys (Certificate.key), so a serialized Config
          // is itself a secret.
    41    repeated Certificate certificate = 2;
    42  
    43    // Override server name.
          // NOTE(review): presumably the name sent as SNI and checked against the
          // peer certificate; confirm.
    44    string server_name = 3;
    45  
    46    // ALPN protocol identifiers, as a list of strings.
    47    repeated string next_protocol = 4;
    48  
    49    // Whether or not to enable session (ticket) resumption.
    50    bool enable_session_resumption = 5;
    51  
    52    // If true, root certificates on the system will not be loaded for
    53    // verification.
          // NOTE(review): with this set, trust presumably comes only from
          // certificates supplied in this config; confirm what remains trusted when
          // none are supplied.
    54    bool disable_system_root = 6;
    55  
    56    // The minimum TLS version.
          // Accepted string values are not listed in this file; an empty string
          // (unset) leaves the floor to the consumer's default.
          // NOTE(review): confirm how an unrecognised value is handled; silently
          // ignoring it would drop the intended floor.
    57    string min_version = 7;
    58  
    59    // The maximum TLS version. Same value format as min_version (not listed in
          // this file).
    60    string max_version = 8;
    61  
    62    // Specify cipher suites, except for TLS 1.3.
          // A single string; the separator and suite-name format are not shown here.
    63    string cipher_suites = 9;
    64  
    65    // Whether the server selects its most preferred ciphersuite.
          // NOTE(review): if this is passed to Go's crypto/tls
          // Config.PreferServerCipherSuites, recent Go releases ignore that field;
          // confirm the setting still has an effect.
    66    bool prefer_server_cipher_suites = 10;
    67  
    68    // TLS Client Hello fingerprint (uTLS).
          // Accepted values are not listed in this file.
    69    string fingerprint = 11;
    70  
          // NOTE(review): undocumented in the original. Presumably a server-side
          // switch that refuses handshakes whose SNI matches no configured
          // certificate; confirm.
    71    bool reject_unknown_sni = 12;
    72    
          // Review notes on the pin below: a SHA-256 digest is 32 bytes, so an entry
          // of any other length can never match. How the chain is hashed is not shown
          // in this file. The field is repeated; presumably a match on any entry is
          // accepted (confirm). A chain pin changes whenever any certificate in the
          // chain is reissued, so add the new pin before rotating.
    73    /* @Document A pinned certificate chain sha256 hash.
    74       @Document If the server's hash does not match this value, the connection will be aborted.
    75       @Document This value replaces allow_insecure.
    76       @Critical
    77    */
    78    repeated bytes pinned_peer_certificate_chain_sha256 = 13;
    79  
          // Review notes on the pin below: entries are 32-byte SHA-256 digests. A
          // public-key pin survives certificate renewal only while the key pair is
          // reused; list the next key's hash before rotating keys.
          // NOTE(review): "replaces allow_insecure" does not say whether ordinary
          // chain verification still runs when a pin is set; confirm.
    80    /* @Document A pinned certificate public key sha256 hash.
    81       @Document If the server's public key hash does not match this value, the connection will be aborted.
    82       @Document This value replaces allow_insecure.
    83       @Critical
    84    */
    85    repeated bytes pinned_peer_certificate_public_key_sha256 = 14;
    86  
          // NOTE(review): undocumented in the original. The name suggests a path to
          // which TLS session secrets are written (a key-log file for debugging
          // tools). If so, anyone who can read that file can decrypt captured
          // sessions that used this config: leave it empty in production, restrict
          // the file's permissions, and delete it after debugging. Confirm against
          // the consumer.
    87    string master_key_log = 15;
    88  }