chore: improve fingerprint verifier handle non-leaf certificate

wwqgtxx
2025-09-17 11:18:14 +08:00
parent 30bead4e2e
commit 7e71d21ab4
5 changed files with 402 additions and 25 deletions


@@ -349,7 +349,7 @@ proxies: # socks5
# username: username
# password: password
# tls: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# skip-cert-verify: true
# udp: true
# ip-version: ipv6
@@ -364,7 +364,7 @@ proxies: # socks5
# tls: true # https
# skip-cert-verify: true
# sni: custom.com
# fingerprint: xxxx # 同 experimental.fingerprints 使用 sha256 指纹,配置协议独立的指纹,将忽略 experimental.fingerprints
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# ip-version: dual
# Snell
@@ -432,9 +432,7 @@ proxies: # socks5
plugin-opts:
mode: websocket # no QUIC now
# tls: true # wss
# 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# 配置指纹将实现 SSL Pining 效果
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# ech-opts:
# enable: true # 必须手动开启
# # 如果config为空则通过dns解析不为空则通过该值指定格式为经过base64编码的ech参数dig +short TYPE65 tls-ech.dev
@@ -472,9 +470,7 @@ proxies: # socks5
plugin-opts:
mode: websocket
# tls: true # wss
# 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# 配置指纹将实现 SSL Pining 效果
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# skip-cert-verify: true
# host: bing.com
# path: "/"
@@ -534,7 +530,7 @@ proxies: # socks5
cipher: auto
# udp: true
# tls: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# client-fingerprint: chrome # Available: "chrome","firefox","safari","ios","random", currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan.
# skip-cert-verify: true
# servername: example.com # priority over wss host
@@ -561,7 +557,7 @@ proxies: # socks5
cipher: auto
network: h2
tls: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
h2-opts:
host:
- http.example.com
@@ -596,7 +592,7 @@ proxies: # socks5
cipher: auto
network: grpc
tls: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
servername: example.com
# skip-cert-verify: true
grpc-opts:
@@ -612,7 +608,7 @@ proxies: # socks5
network: tcp
servername: example.com # AKA SNI
# skip-cert-verify: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
# ech-opts:
# enable: true # 必须手动开启
@@ -629,7 +625,7 @@ proxies: # socks5
udp: true
flow: xtls-rprx-vision
client-fingerprint: chrome
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# skip-cert-verify: true
- name: "vless-encryption"
@@ -699,7 +695,7 @@ proxies: # socks5
# client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
servername: example.com # priority over wss host
# skip-cert-verify: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
ws-opts:
path: "/"
headers:
@@ -714,7 +710,7 @@ proxies: # socks5
port: 443
password: yourpsk
# client-fingerprint: random # Available: "chrome","firefox","safari","random","none"
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# udp: true
# sni: example.com # aka server name
# alpn:
@@ -738,7 +734,7 @@ proxies: # socks5
network: grpc
sni: example.com
# skip-cert-verify: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
udp: true
grpc-opts:
grpc-service-name: "example"
@@ -751,7 +747,7 @@ proxies: # socks5
network: ws
sni: example.com
# skip-cert-verify: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
udp: true
# ws-opts:
# path: /path
@@ -770,7 +766,7 @@ proxies: # socks5
# udp: true
# sni: example.com # aka server name
# skip-cert-verify: true
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
#hysteria
- name: "hysteria"
@@ -796,7 +792,7 @@ proxies: # socks5
# ca: "./my.ca"
# ca-str: "xyz"
# disable-mtu-discovery: false
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# fast-open: true # 支持 TCP 快速打开,默认为 false
#hysteria2
@@ -818,7 +814,7 @@ proxies: # socks5
# # 如果config为空则通过dns解析不为空则通过该值指定格式为经过base64编码的ech参数dig +short TYPE65 tls-ech.dev
# config: AEn+DQBFKwAgACABWIHUGj4u+PIggYXcR5JF0gYk3dCRioBW8uJq9H4mKAAIAAEAAQABAANAEnB1YmxpYy50bHMtZWNoLmRldgAA
# skip-cert-verify: false
# fingerprint: xxxx
# fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
# alpn:
# - h3
# ca: "./my.ca"
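Review bot: The inline comment now attached to every `fingerprint:` line in this file (first under `@@ -349,7 +349,7 @@`, repeated in each later hunk) tells users to hash `yourcert.pem` without saying which certificate that may be, although the commit title says the verifier now handles non-leaf certificates. A pin on a CA or intermediate trusts every certificate that issuer signs, so the comment should say whether a non-leaf fingerprint is accepted and whether chain, expiry and hostname checks still run in that case; the verifier code is not visible here, so the wording needs confirming against it. Many of these entries sit next to `skip-cert-verify: true`, and how the two options interact is not documented either. The hunk at `@@ -364,7 +364,7 @@` also appears to drop the statement that a per-proxy fingerprint overrides `experimental.fingerprints`, and "Pining" should read "Pinning". If the verifier behaves as the title suggests, something like `# fingerprint: xxxx # SSL Pinning: sha256 fingerprint of the server certificate or of a certificate in its chain; overrides experimental.fingerprints` would cover this.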