github.com/xraypb/xray-core@v1.6.6/transport/internet/xtls/config.proto (about)

     1  syntax = "proto3";
     2  
     3  package xray.transport.internet.xtls;
     4  option csharp_namespace = "Xray.Transport.Internet.Xtls";
     5  option go_package = "github.com/xraypb/xray-core/transport/internet/xtls";
     6  option java_package = "com.xray.transport.internet.xtls";
     7  option java_multiple_files = true;
     8  
     9  message Certificate {
    10    // TLS certificate in x509 format.
    11    bytes certificate = 1;
    12  
    13    // TLS key in x509 format.
    14    bytes key = 2;
    15  
    16    enum Usage {
    17      ENCIPHERMENT = 0;
    18      AUTHORITY_VERIFY = 1;
    19      AUTHORITY_ISSUE = 2;
    20    }
    21  
    22    Usage usage = 3;
    23  
    24    uint64 ocsp_stapling = 4;
    25  
    26    // TLS certificate path
    27    string certificate_path = 5;
    28  
    29    // TLS Key path
    30    string key_path = 6;
    31  
    32    // If true, one-Time Loading
    33    bool One_time_loading = 7;
    34  }
    35  
    36  message Config {
    37    // Whether or not to allow self-signed certificates.
    38    bool allow_insecure = 1;
    39  
    40    // List of certificates to be served on server.
    41    repeated Certificate certificate = 2;
    42  
    43    // Override server name.
    44    string server_name = 3;
    45  
    46    // Lists of string as ALPN values.
    47    repeated string next_protocol = 4;
    48  
    49    // Whether or not to enable session (ticket) resumption.
    50    bool enable_session_resumption = 5;
    51  
    52    // If true, root certificates on the system will not be loaded for
    53    // verification.
    54    bool disable_system_root = 6;
    55  
    56    // The minimum TLS version.
    57    string min_version = 7;
    58  
    59    // The maximum TLS version.
    60    string max_version = 8;
    61  
    62    // Specify cipher suites, except for TLS 1.3.
    63    string cipher_suites = 9;
    64  
    65    // Whether the server selects its most preferred ciphersuite.
    66    bool prefer_server_cipher_suites = 10;
    67  
    68    bool reject_unknown_sni = 12;
    69  
    70    /* @Document A pinned certificate chain sha256 hash.
    71       @Document If the server's hash does not match this value, the connection will be aborted.
    72       @Document This value replace allow_insecure.
    73       @Critical
    74    */
    75    repeated bytes pinned_peer_certificate_chain_sha256 = 13;
    76  }