从openssl 1.1.1开始，带了一个SSLKEYLOGFILE功能，生成的文件可以配置给wireshark用来debug，或者是蛋疼看TLS payload。可以参照 openssl/openssl@4bf73e9

@mritd
Thanks. I'll provide info of how to compile and you can open a pull request.

因为 443 端口需要提供其他服务，所以用 Nginx 做的代理。
Trojan server 启动监听 445 端口，配置 Nginx 片段:

server {
	listen 443 ssl;
	ssl on;
	ssl_certificate /etc/letsencrypt/live/www/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!MD5;
	server_name 我的域名;
	location / {
		proxy_pass http://127.0.0.1:445;
	}
}

Trojan server config:

{
	"run_type": "server",
	"local_addr": "0.0.0.0",
	"local_port": 445,
	"remote_addr": "127.0.0.1",
	"remote_port": 80,
	"password": [
		"@777m777w"
	],
	"log_level": 0,
	"ssl": {
		"cert": "/etc/letsencrypt/live/www/fullchain.pem",
		"key": "/etc/letsencrypt/live/www/privkey.pem",
		"key_password": "",
		"cipher": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
		"prefer_server_cipher": true,
		"alpn": [
			"http/1.1"
		],
		"reuse_session": true,
		"session_ticket": false,
		"session_timeout": 600,
		"plain_http_response": "",
		"curves": "",
		"dhparam": ""
	},
	"tcp": {
		"prefer_ipv4": false,
		"no_delay": true,
		"keep_alive": true,
		"fast_open": false,
		"fast_open_qlen": 20
	},
	"mysql": {
		"enabled": false,
		"server_addr": "127.0.0.1",
		"server_port": 3306,
		"database": "trojan",
		"username": "trojan",
		"password": ""
	}
}

Trojan client config:

{
	"run_type": "client",
	"local_addr": "127.0.0.1",
	"local_port": 1080,
	"remote_addr": "我的域名",
	"remote_port": 443,
	"password": [
		"@777m777w"
	],
	"append_payload": true,
	"log_level": 0,
	"ssl": {
		"verify": true,
		"verify_hostname": true,
		"cert": "www/fullchain.pem",
		"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RSA-AES128-GCM-SHA256:RSA-AES256-GCM-SHA384:RSA-AES128-SHA:RSA-AES256-SHA:RSA-3DES-EDE-SHA",
		"sni": "",
		"alpn": [
			"h2",
			"http/1.1"
		],
		"reuse_session": true,
		"session_ticket": false,
		"curves": ""
	},
	"tcp": {
		"no_delay": true,
		"keep_alive": true,
		"fast_open": false,
		"fast_open_qlen": 20
	}
}

Trojan 服务器一直提示握手失败:

[2019-02-21 16:48:54] [ERROR] 183.83.69.87:1653 SSL handshake failed: wrong version number
[2019-02-21 16:48:54] [INFO] 183.83.69.87:1653 disconnected, 0 bytes received, 0 bytes sent, lasted for 0 seconds

请问我应该如何配置代理转发?

trojan: error while loading shared libraries: libboost_atomic.so.1.65.1: cannot open shared object file: No such file or directory

 "ssl": {
        "cert": ""
    },

only supports external file(file directory), it will be good if trojan can support certs in the configure file, like

  "cert": [
    "-----BEGIN CERTIFICATE-----",
    "exampleCert",
    "-----END CERTIFICATE-----"
  ],

GnuTLS has some nice features which could help circumventing GFW. GnuTLS does hide record lengths and can be configured to emulate OpenSSL signatures, and therefore could be useful against TLS over TLS detections and other attacks.
One caveat: GnuTLS is considered to be lacking in security reviews.

Sorry, I was too lazy to create a PR for review.

Since the boost version basically works I was looking for some quick hacks to speed it up.

diff --git a/src/clientsession.cpp b/src/clientsession.cpp
index ff425c4..3d9d8fd 100644
--- a/src/clientsession.cpp
+++ b/src/clientsession.cpp
@@ -111,6 +111,17 @@ void ClientSession::in_recv(const string &data) {
                     auto self = shared_from_this();
                     resolver.async_resolve(query, [this, self](const boost::system::error_code error, tcp::resolver::iterator iterator) {
                         if (!error) {
+#if BOOST_OS_LINUX
+#ifndef TCP_FASTOPEN_CONNECT
+#define TCP_FASTOPEN_CONNECT 30
+#endif  // TCP_FASTOPEN_CONNECT
+                            using fastopen_connect = boost::asio::detail::socket_option::boolean<BOOST_ASIO_OS_DEF(IPPROTO_TCP), TCP_FASTOPEN_CONNECT>;
+                            boost::system::error_code ec;
+                            // Will throw.
+                            out_socket.lowest_layer().open(iterator->endpoint().protocol());
+                            // Ignores error in case the feature is not available.
+                            out_socket.lowest_layer().set_option(fastopen_connect(true), ec);
+#endif  // BOOST_OS_LINUX
                             out_socket.lowest_layer().async_connect(*iterator, [this, self](const boost::system::error_code error) {
                                 if (!error) {
                                     out_socket.async_handshake(stream_base::client, [this, self](const boost::system::error_code error) {
diff --git a/src/serversession.cpp b/src/serversession.cpp
index 6fa1cbc..9ebe0d7 100644
--- a/src/serversession.cpp
+++ b/src/serversession.cpp
@@ -103,6 +103,17 @@ void ServerSession::in_recv(const string &data) {
                         tcp::resolver::query query(req.address, to_string(req.port));
                         resolver.async_resolve(query, [this, self](const boost::system::error_code error, tcp::resolver::iterator iterator) {
                             if (!error) {
+#if BOOST_OS_LINUX
+#ifndef TCP_FASTOPEN_CONNECT
+#define TCP_FASTOPEN_CONNECT 30
+#endif  // TCP_FASTOPEN_CONNECT
+                                using fastopen_connect = boost::asio::detail::socket_option::boolean<BOOST_ASIO_OS_DEF(IPPROTO_TCP), TCP_FASTOPEN_CONNECT>;
+                                boost::system::error_code ec;
+                                // Will throw.
+                                out_socket.open(iterator->endpoint().protocol());
+                                // Ignores error in case the feature is not available.
+                                out_socket.set_option(fastopen_connect(true), ec);
+#endif  // BOOST_OS_LINUX
                                 out_socket.async_connect(*iterator, [this, self](const boost::system::error_code error) {
                                     if (!error) {
                                         Log::log_with_endpoint(in_endpoint, "tunnel established");
diff --git a/src/service.cpp b/src/service.cpp
index 57001f4..10d130c 100644
--- a/src/service.cpp
+++ b/src/service.cpp
@@ -37,6 +37,12 @@ Service::Service(Config &config) :
     config(config),
     socket_acceptor(io_service, tcp::endpoint(address::from_string(config.local_addr), config.local_port)),
     ssl_context(context::sslv23) {
+#if BOOST_OS_LINUX
+    using fastopen = boost::asio::detail::socket_option::boolean<BOOST_ASIO_OS_DEF(IPPROTO_TCP), TCP_FASTOPEN>;
+    boost::system::error_code ec;
+    // Ignores error.
+    socket_acceptor.set_option(fastopen(true), ec);
+#endif  // BOOST_OS_LINUX
     auto native_context = ssl_context.native_handle();
     if (config.ssl.sigalgs != "") {
         SSL_CONF_CTX *cctx = SSL_CONF_CTX_new();

TCP Fast Open removes 1 RTT. After this patch:

-> SYN, Client Hello
1 RTT
<- SYN/ACK
<- Server Hello, Change Cipher Spec, ...
-> Change Cipher Spec, ...
1 RTT
<- some more TLS parameters
-> GET / HTTP/1.x
1 RTT
<- HTTP/1.x OK

(This is TLS 1.3 draft 22 though. I didn't see TLS 1.2 session resumption working??)

git clone https://github.com/trojan-gfw/trojan
cd trojan/
git checkout stable
mkdir build
cd build/
cmake ..

after running "cmake .." ,i encounter error as follows:
...
CMake Error at /usr/local/share/cmake-3.10/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the
system variable OPENSSL_ROOT_DIR: Found unsuitable version "1.0.1t", but
required is at least "1.0.2" (found /usr/lib/x86_64-linux-gnu/libcrypto.so)
Call Stack (most recent call first):
/usr/local/share/cmake-3.10/Modules/FindPackageHandleStandardArgs.cmake:376 (_FPHSA_FAILURE_MESSAGE)
/usr/local/share/cmake-3.10/Modules/FindOpenSSL.cmake:379 (find_package_handle_standard_args)
CMakeLists.txt:12 (find_package)
-- Configuring incomplete, errors occurred!
See also "/root/trojan/build/CMakeFiles/CMakeOutput.log".
See also "/root/trojan/build/CMakeFiles/CMakeError.log".
root@yms:~/trojan/build#

i already uprade openssl to version1.0.2:
root@yms:# which openssl
/usr/local/ssl/bin/openssl
root@yms:# openssl version
OpenSSL 1.0.2n 7 Dec 2017

how to fix it?
thank you

See here, here, and here.

Add the following security features to the systemd service:

• Run trojan as user and group nobody instead of root for security reasons.
• To avoid the problem of not being able to bind to low ports, add CAP_NET_BIND_SERVICE capability.

According to some issues, here is a list of improvements to be made to the protocol only if necessary. You are welcomed to contribute to this list.

• Pad payloads (#9, #12)
• Eliminate TLS Handshake fingerprint (#11)
  • Manipulating TLS cipher list
  • Manipulating other extensions in Client Hello
• Use TLS session reuse to accelerate connection
• OCSP stapling

Since some strategies cannot be proven effective, further discussions are required.

Thank @klzgrad and @micooz for their great proposals.

I would like to invite you to the discussion of the rationales and ideas for a better circumvention protocol.

Many of the points below can have better context with citations but I try to keep it informal this time.

Why use TLS

Security

The Shadowsocks specification has been reinventing cryptography to make up for apparent vulnerabilities from various probing attacks. It among other similar protocols try to recommend specific cipher suites and cryptographic configurations without professional analysis and audit. The fact that the Shadowsocks spec was fixed again and again with faulty cryptographic designs shows how hard it is to reinvent cryptography and why obfuscation is not possible without certain level of security.

This subject has been much better researched and engineered for years as TLS. TLS provides confidentiality, authentication, and integrity. It protects against replay attack. It has mature and high performance and cross-platform implementations. It is only sensible to adopt commonly used best practices. Those who do not understand TLS are doomed to reinvent it, poorly.

Obfuscation

What Shadowsocks is doing is no different from Tor's pluggable transports, e.g. ScrambleSuit and obfs4, which have designed custom cryptographic protocols to replace Tor's default TLS stack, except that Tor's protocols are scholarly peer-reviewed.

The assumption of these Tor PT protocols is that if the wire data look as random as possible (above the transport layer) it would be impossible to identify or classify. This assumption has its limitation. It is shown that random packet padding actually becomes a feature in itself and enables new entropy-based attacks.

The bigger picture is that most traffic on the Internet does not look random. If an obfuscation protocol makes the data too random it attracts additional scrutiny. A thought experiment: the GFW intercepts 60% HTTP, 30% TLS, and 10% unrecognized high-entropy traffic. After the initial coarse traffic classification, the 10% traffic gets redirected for additional analysis, where more advanced methods become affordable.

The obvious solution is to obfuscate above the transport layer inside real TLS. By moving the protocol up the layer, traffic classification at the transport layer is less effective and the obfuscated traffic is less likely to be scrutinized by being of a larger traffic class. (Note that it must be real TLS. Mimicry of HTTP (or TLS) has been shown to be easily detected.) I think this is part of the reason Meek (plain HTTPS proxy with fake TLS SNI) is given more attention at Tor. As more traffic moves to TLS this effect becomes more pronounced.

Problems of TLS

Information leak

TLS is much more complex than TCP and give off much more information, mostly in TLS parameters in ClientHello and ServerHello, state transition, and certificates.

• TLS parameters: Enable fingerprinting attacks. This can be mitigated by capturing common browsers' traffic and reusing the same parameters. It is also easy to verify this mitigation.
• State transition: Enables deeper fingerprinting. This can be mitigated by using the same TLS library as the browser's. ShadowsocksR's forged TLS handshakes are easy to detect by examining protocol dynamics (example).

In principles these protocol behaviors can be imitated perfectly by reusing a browser's TLS stack and it is easy to verify the imitation locally.

• Certificates: They are identifiers themselves and the parameters used to create them also leak information. Possible mitigation options:
  • No certificates (TLS-PSK/TLS-SRP). TLS without certificates would be a unique traffic feature because this is rarely used.
  • Self-signed certificates. Must use certificate pinning otherwise insecure from MitM attacks.
  • Certificates signed with self-signed CA (not in browsers' default chain of trust). Could be an option as TLS middleboxes and organizations (e.g. 12306.cn) tend to use it.
  • Free SSL certificates (Let's Encrypt, StartSSL, et al.).
  • Paid SSL certificates.

GFW people have proposed to prioritize traffic for more advanced analysis by a "trustworthiness" ranking of the certificates. This is essentially network-layer host behavior analysis applied at the TLS layer and the certificates are the new IP addresses. Indeed IP addresses can also have "trustworthiness" used to prioritize traffic for analysis, e.g. if 99% traffic of a foreign host is with a single domestic host, select it for advanced tunnel traffic classifiers; well-known IP addresses are whitelisted, etc.

Traffic selection is always happening and it's a matter of degree of uniqueness of the certificates. In this sense CA-signed certificates (Let's Encrypt) can be even more unique than self-signed certificates because the former may represent less traffic than the latter. There are no clear wrong options here for circumvention but the choice of best practice remains an open question.

Performance

TLS handshakes introduce additional RTT on top of TCP handshakes. Latency is critical for network performance.

The Shadowsocks protocol has no handshakes and its implementation uses TCP Fast Open which reduces even more handshake RTT. Although TCP Fast Open is not always usable as it is commonly obstructed by middleboxes.

Speaking of RTT, VPNs at the network layer would have the least RTT among proxy schemes, but VPNs' usability is harmed by its requirement to configure the OS network stack. In this sense Shadowsocks' success is partly due to the fact that it requires little sysadmin work which is a reasonable tradeoff for TCP handshake RTT.

There are remedies in TLS for the RTT problem. TLS 1.2 False Start extension reduces handshakes to 1-RTT. TLS 1.3 (draft) introduces a 0-RTT mode. But TLS 1.3 implementations are still not production-ready to match the 0-RTT performance in Shadowsocks protocol (I tried Chromium/BoringSSL, Nginx. Though HAProxy just put out 0-RTT support in 1.8-rc3, I was working with Nginx because it's easier for scripting. I hope I can get them working soon.)

About TCP Fast Open, I found neither Nginx nor HAProxy has implemented it in client mode. Nginx gave an interesting reason: it's better to use persistent connections instead of creating new connections very fast. Shadowsocks creates a new proxy connection for each client request. It is arguable whether multiplexing would be better than that for Shadowsocks, but the benefit is obvious in the case of TLS where the cost of creating new connections is high.

There are two schemes of multiplexing: one is multiplexing multiple streams into a single TCP connection, the other is connection reuse/connection pooling. Mux.Cool used by V2Ray is of the first scheme. The first scheme has a head-of-line blocking problem which increases latency, see this. The second one is used by Nginx as "keepalives." It works like this: For a new client connection, try to use an idle proxy connection in the pool or create a new connection; after the client connection is closed, do not close the proxy connection instead save it into the pool as idle (with an idle timeout).

The Shadowsocks protocol does not allow multiplexing because it cannot distinguish the start and end of streams. Neither does the Trojan protocol but Trojan can be extended to allow this enhancement. To enable multiplexing the protocol can use a similar scheme as HTTP chunked transfer encoding:

• Use a size field of two bytes to indicate the size of the chunk immediately following the size field. A size of zero indicates the end of stream.

Traffic analysis

I agree this is a legitimate threat and deserves attention. There has been a report of a specific TLS-in-TLS proxy being repeatably detected by traffic analysis, but at the same time GFW people have also admitted the limitation of practical traffic analysis (classifiers do not generalize, concept drift, etc.).

The difficulty at the circumvention side is that there is no way to verify the effectiveness of any proposed traffic obfuscation technique in real-world setting and similarly there is no way to compare their relative effectiveness.

Despite the theoretical trouble I think the current recommendation is to implement any basic packet padding scheme, which will be always better than no padding. More adversarial implementations of detectors of traffic obfuscators may prove useful in measuring the strength of them.

Other rationales

• In evaluating the threat of an attack, always examine how feasible for the censor to implement the particular attack, i.e. eliminate simple exploits first.
• Develop a censorship event collection and reporting scheme (e.g. collect traffic flow metadata for replay experiments) so analysis can be empirically grounded instead of based on anecdotes and speculation.
• Develop adversarial testing frameworks (e.g. sssniff) so the strength of obfuscation techniques can be verified and compared.
• Usability matters. Even as we focus more on theoretical attacks we should still think about usability.
• (Also, the old recommendation from WCP was that organization of GFW circumvention efforts should be decentralized and fragmented in nature. Increasingly centralized projects like Shadowsocks become easy targets for censorship research. This is why I do not support centralizing more efforts into the Shadowsocks plugin extension system.)

@GreaterFire @micooz @WANG-lp @bosskwei @wongsyrone

1. Certificate Problem.
   A self-signed or a not well-known certificate can be simply put into suspected list by GFW.

2. Anti-Passive Detection will not work.
   Data chunks are wrapped into Application Data which has only a fixed-length header(0x170303 + 2 bytes chunk_len), thus the feature of application traffic cannot be obfuscated by your protocol.

平常习惯于路由器，系统是OpenWRT，希望有开源代码可以编译成为ipk文件，以便装载到路由器上

Trojan version 1.9.0 on both server and client.

I can't get Trojan to send any data, all connections to the local proxy running on 127.0.0.1:1080 fail with "unknown protocol". No output appears on the server's end.

If it matters at all, the server is running in a FreeBSD jail behind a reverse proxy, all traffic is routed host -> reverse-proxy -> jail.

The trojan build instructions should be clear and on the git project page

Combing through the readme.md and multiple other folders doesn't even add any further how-to on this. Attempting cmake, ./configure results in zip, nada. Fill in the current missing build instruction blanks in the git project page and add the build-compile instructions in a tiny .txt file for the main directory folder.

no route to host ....
debian 9 vps

Is there any plan to create a decentralised version in order to democratize the tool similar to privatix.io? I personally think anti censorship tools should be used by everyone and there are very good platform like v2ray but the issue being only a very small population will use it eventually eg. 100k vs 1b potential users. If there are many proxy nodes run by international community and they are incentivised to do so, it would be hard for gfw to block them all. From a technical standpoint, most coders focus on the technical aspect of being stealthy but for users, it is about costs and availability. A decentralised business model is probably more conducive to mass adoption than being just an incremental improvement in stealth.

Is the TLS stack used here being audited for fingerprinting potential?

• The cipher list in ClientHello (Tor had this issue).
• Other parameters in ClientHello (I noticed there is no padding. Bad.)
• The certificate format.
• SNI?
• I think in theory the TLS state machine in specific implementations will also have identifying information from its state transition.

the above error always popups after starting projan server. anyone can help?

Please add custom DNS support to config file.
Instead using DNS provided by OS, this will allow user to config custom DNS server in trojan.

Add .service for trojan server and client.

@UzminTid Thank you for your contributions to the Trojan wiki. Communication languages other than English are strongly discouraged in this organization, so I reverted your changes (Chinese translation) in the wiki. I encourage you to host a repository yourself if you still want to present Chinese wiki. To retrieve your files, you can execute the following commands:

git clone https://github.com/trojan-gfw/trojan.wiki.git
cd trojan.wiki
git checkout 3ff96b7

同443端口，使用letsencrypt生成的证书。
选择不使用ssl，能正常连接：
"ssl_verify":false,
"ssl_verify_hostname":false

使用ssl验证，报错SSL handshake failed with xxx.xx

TLS1.3 has a lot of security and performance improvements such as 0-RTT, and HKDF. Please consider implement TLS1.3 for hardened security.

When I connect my own server with client, it will show these error infos.
server:

client:

I set cert.pem for cert, privkey.pem for key and keep empty for key password in my server's configuration file, which are provided by Let's Encrypt. And I also set cert.pem for cert in my client's configuration file.

I don't know if I choose a wrong certificate, and when I choose fullchain.pem, these error infos disappeared again.

I ran a server using certificate issued by Let's Encrypt. And I cannot connect to the server. I always got "SSL handshake failed with ..." error.

Server config:

{
    "run_type": "server",
    "local_addr": "0.0.0.0",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": ["12345678"],
    "log_level": 3,
    "ssl": {
        "cert": "/root/.acme.sh/example.com/fullchain.cer",
        "key": "/root/.acme.sh/example.com/example.com.key",
        "key_password": "",
        "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
        "prefer_server_cipher": true,
        "alpn": ["http/1.1"],
        "reuse_session": true,
        "session_timeout": 300,
        "curves": "brainpoolP256r1",
        "sigalgs": "",
        "dhparam": ""
    }
}

Client config:

{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1082,
    "remote_addr": "example.com",
    "remote_port": 443,
    "password": ["12345678"],
    "log_level": 1,
    "ssl": {
        "verify": true,
        "verify_hostname": true,
        "cert": "LetsEncrypt-CA.txt",
        "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
        "sni": "example.com",
        "alpn": ["http/1.1"],
        "reuse_session": true,
		"curves": "brainpoolP256r1",
		"sigalgs": ""
    }
}

Ask for official docker image support.

Hi @GreaterFire,

I find this project is quite interesting. It may be necessary to move on to SOCKS5 over TLS in the near future.

I'm wondering if you can implement SIP003 to let your project work with shadowsocks. If so, this project would get supported on all the known platforms and devices instantly.

If you have any question, please let me know.

Thanks,
Max

Since when run in server mode, we usually deploy a web server as well. Can we add uds for even better performance?

Explain: English is not good, using machine translation.

• Can I use Nginx proxy to a url?
  Like example.com/xxx/trojan, example.com is a real web site
  Advantages: HTTPS transport only visible domain, path is encrypted
• Would it be better to use WebSocket or QUIC ?
  HTTP mostly short links, and WebSockets or QUIC is more suitable for long connections

PS: Not deep understanding of the network, if any errors, please correct me
PS2: QUIC using UDP may be QOS

[FATAL] trojan service (server) started at 0.0.0.0:443

Doesn't look fatal to me.

Please consider adding PSK cipher suites for certificate-less setup.
Recommendation:
TLS_PSK_WITH_AES_128_GCM_SHA256 and TLS_PSK_WITH_AES_256_GCM_SHA384 in RFC5487

Hi,
I have a question about this project:
Does TLS over TLS make it more easy for GFW to detect such 'hidden' traffic?

We already know that GFW can detect and interfere the OpenVPN traffic very quickly.

Ref:
https://gist.github.com/micooz/52a81852e3f6d1614f66e07b0757cd6c
https://gist.github.com/clowwindy/5947691
http://jiji.io/p/12699180487511941578

For example, https://github.com/trojan-gfw/trojan/blob/master/docs/config should be https://github.com/trojan-gfw/trojan/blob/master/docs/config.md. And so are other URLs. Regards.

China is pursuing quantum supremacy and we should prepare for it.

IETF has an idea called Quantum-Safe Hybrid (QSH) Ciphersuite for TLS.
Here is the document:
https://tools.ietf.org/html/draft-whyte-qsh-tls13-02 (For TLS 1.3)
https://tools.ietf.org/html/draft-whyte-qsh-tls12-02 (For TLS 1.2)

WolfSSL library has implemented QSH ciphersuite.
https://www.wolfssl.com/quantum-safe-wolfssl-2/

hi。
server.json里的curves的值怎么填？

I've edited the "config.json" file and downloaded the "private.crt" to the directory
"cert": "/etc/ssl/cert.pem"
"cert": "private.crt",
which one is correct?

When i run the trojan exec file,it shows :
[2019-02-22 09:44:54] [FATAL] fatal: config.json: cannot open file
[2019-02-22 09:44:54] [FATAL] exiting. . .
what's wrong? please help.

Could we add quic support ?

Does pre-built binary have TLS1.3?

I tried use "TLS13-AES-128-GCM-SHA256" in "cipher" and it did not work.

Profile has opened TFO and BBR, After actual testing, trojan is too slow。。。

配置文件打开了TFO和BBR，然而速度慢成了翔，有没有参数提供下优化？

我应该如何与CDN结合使用？

Build and Install

Type in

mkdir build
cd build/
cmake ..
make
ctest
sudo make install

root@11:~/trojan/build# make install
make: *** No rule to make target 'install'. Stop.

There is a certain website resolved to one ipv4 address and one ipv6 address. The resolved ipv6 address does not work (curl -6 https://the.website times out).

In my testing the trojan server connects to the ipv6 address and does not work. It should be able to connect to the ipv4 address.

So far it's just one case. I used this workaround.

--- a/src/serversession.cpp
+++ b/src/serversession.cpp
@@ -103,6 +103,14 @@ void ServerSession::in_recv(const string &data) {
                         tcp::resolver::query query(req.address, to_string(req.port));
                         resolver.async_resolve(query, [this, self](const boost::system::error_code error, tcp::resolver::iterator iterator) {
                             if (!error) {
+auto v4it = iterator;
+for (auto v4it = iterator; v4it != tcp::resolver::iterator(); ++v4it) {
+  const auto& addr = v4it->endpoint().address();
+  if (!addr.is_v6()) {
+    iterator = v4it;
+    break;
+  }
+}
                                 out_socket.async_connect(*iterator, [this, self](const boost::system::error_code error) {
                                     if (!error) {
                                         Log::log_with_endpoint(in_endpoint, "tunnel established");

This is not limited to ipv4/6 dual stack resolutions. If a domain name resolves to multiple addresses and one of them doesn't work, the resolver needs to do something intelligent to blacklist that not working address.

Not action is required at this time. In the future using chromium's network stack should automatically solve this problem.

Packaging Status:

If you are interested in becoming a maintainer to maintain trojan packages for some Linux distributions, please reply to this issue.

Trojan died after a while.

Is there any plan to release a Android client?

左边是caddy.forwardproxy 右边是trojan
trojan延时高些

httping测试 $httping -g http://google.com --proxy 127.0.0.1:1001 -Y -c 100
同时、同服务器haproxy复用443端口sni分流、都是tls1.3(winshark抓包)
配置是按examples写的,尝试修改"append_payload": false "session_ticket": true 均无改善

连接方式:
httping→privoxy→trojan(client)→trojan(server)→internet
httping→caddy.forwardproxy(http→upstream)→caddy(server)→internet

My client is Windows 10 and Trojan works perfect. There is only one issue. I enabled fastopen (include trojan config and system operation) on bothside but I got this.

Welcome to trojan 1.10.0
[2019-01-26 11:20:22] [WARN] TCP_FASTOPEN_CONNECT is not supported
[2019-01-26 11:20:22] [FATAL] trojan service (client) started at 127.0.0.1:800

I don't know why, here is my config.

# server config 
"tcp": {
        "prefer_ipv4": true,
        "no_delay": true,
        "keep_alive": true,
        "fast_open": true,
        "fast_open_qlen": 20
    }

# client config
"tcp": {
        "no_delay": true,
        "keep_alive": true,
        "fast_open": true,
        "fast_open_qlen": 20
    }