Could the KCP/mKCP protocol get an encryption setting option? #2131

Closed
poly-1 opened this issue Dec 25, 2019 · 8 comments

poly-1 commented Dec 25, 2019

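There is one question that may need to be addressed in the help documentation: is the built-in mKCP currently encrypted by default?

If it currently just forwards the encrypted VMess packets directly, would that make it prone to interference? Could an additional encryption method be configured, as with KCPTun?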

Contributor

kslr commented Dec 25, 2019

Why would forwarding directly cause interference? What is additional encryption?

kslr closed this as completed Dec 28, 2019
Author

poly-1 commented Dec 28, 2019

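> Why would forwarding directly cause interference? What is additional encryption?

Because without encryption, at least the header of the VMess protocol is plaintext, so wouldn't it be fairly easy for an attacker to tamper with it? Encrypting once more would at least make the VMess header harder to tamper with.

It's like https+tls: although it is very secure, it can still be subjected to a man-in-the-middle attack; we can detect the man-in-the-middle attack, but it still causes a certificate error and the communication is interrupted. But if https+tls is carried over a VMess tunnel, a man-in-the-middle attack becomes much harder.

Actually, what I'd most like to know is how the current mKCP protocol is actually implemented, because KCPTun comes with encryption by default, which amounts to double encryption. Does the current mKCP simply forward the encrypted VMess packets directly?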

kslr reopened this Dec 28, 2019
Contributor

kslr commented Dec 28, 2019

@xiaokangwang

@Steve789

mkcp seems to be a configuration that isn't really recommended in V2ray.

Author

poly-1 commented Jan 23, 2020

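If I remember correctly, TLS1.2/1.3 can prevent man-in-the-middle attacks.

What's being discussed here is mKCP + VMess, and using mKCP + TLS is a pretty absurd way to use it.

> mkcp seems to be a configuration that isn't really recommended in V2ray.

mKCP works wonders in some network environments with high packet loss.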


jinmiaoluo commented Jan 23, 2020 via email

Author

poly-1 commented Feb 2, 2020

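@jinmiaoluo @okudayukiko I know TLS is fairly secure, but this issue is about mkcp and whether mkcp should be given additional encryption, so why insist on dragging TLS into it? Do you mean using mkcp + TLS as the additional encryption to solve the problem I raised at the start?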

@github-actions

This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions bot added the Stale label Oct 12, 2020
xiocode pushed a commit to going/v2ray-core that referenced this issue Jun 29, 2023
* Replace TCP Segmentation with TLS Hello Fragmentation

* Update infra/conf/freedom.go

* Refine proxy/freedom/freedom.go

---------

Co-authored-by: RPRX <[email protected]>