From e0c39bdaf990d6a464b24fb4980aac6878d898ff Mon Sep 17 00:00:00 2001 From: actions-user Date: Thu, 1 May 2025 20:14:41 +0800 Subject: [PATCH] update 2025-05-01 20:14:41 --- .../luasrc/model/cbi/passwall/client/type/sing-box.lua | 8 ++++++++ luci-app-passwall/luasrc/passwall/util_sing-box.lua | 2 +- luci-app-passwall/po/zh-cn/passwall.po | 3 +++ .../luasrc/model/cbi/passwall2/client/type/sing-box.lua | 8 ++++++++ luci-app-passwall2/luasrc/passwall2/util_sing-box.lua | 2 +- luci-app-passwall2/po/zh-cn/passwall2.po | 3 +++ 6 files changed, 24 insertions(+), 2 deletions(-) diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua index 0fb4acc6..d8e5f686 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua @@ -448,6 +448,14 @@ o:value("h2,http/1.1") o:value("h3,h2,http/1.1") o:depends({ [_n("tls")] = true }) +o = s:option(Flag, _n("tls_disable_sni"), translate("Disable SNI"), translate("Do not send server name in ClientHello.")) +o.default = "0" +o:depends({ [_n("tls")] = true }) +o:depends({ [_n("protocol")] = "hysteria"}) +o:depends({ [_n("protocol")] = "tuic" }) +o:depends({ [_n("protocol")] = "hysteria2" }) +o:depends({ [_n("protocol")] = "shadowsocks" }) + o = s:option(Value, _n("tls_serverName"), translate("Domain")) o:depends({ [_n("tls")] = true }) o:depends({ [_n("protocol")] = "hysteria"}) diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua index 20bdd42a..61d620ca 100644 --- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua +++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua @@ -147,7 +147,7 @@ function gen_outbound(flag, node, tag, proxy_table) end tls = { enabled = true, - disable_sni = false, --不要在 ClientHello 中发送服务器名称. + disable_sni = (node.tls_disable_sni == "1") and true or false, --不要在 ClientHello 中发送服务器名称. server_name = node.tls_serverName, --用于验证返回证书上的主机名,除非设置不安全。它还包含在 ClientHello 中以支持虚拟主机,除非它是 IP 地址。 insecure = (node.tls_allowInsecure == "1") and true or false, --接受任何服务器证书。 alpn = alpn, --支持的应用层协议协商列表,按优先顺序排列。如果两个对等点都支持 ALPN,则选择的协议将是此列表中的一个,如果没有相互支持的协议则连接将失败。 diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index a7e2df38..aaeca152 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -1303,6 +1303,9 @@ msgstr "原版Trojan只支持'tls',请选择'tls'。" msgid "Transfer mode" msgstr "传输模式" +msgid "Do not send server name in ClientHello." +msgstr "不要在 ClientHello 中发送服务器名称。" + msgid "Domain" msgstr "域名" diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua index 3859e57c..f995a5f7 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua @@ -446,6 +446,14 @@ o:value("h2,http/1.1") o:value("h3,h2,http/1.1") o:depends({ [_n("tls")] = true }) +o = s:option(Flag, _n("tls_disable_sni"), translate("Disable SNI"), translate("Do not send server name in ClientHello.")) +o.default = "0" +o:depends({ [_n("tls")] = true }) +o:depends({ [_n("protocol")] = "hysteria"}) +o:depends({ [_n("protocol")] = "tuic" }) +o:depends({ [_n("protocol")] = "hysteria2" }) +o:depends({ [_n("protocol")] = "shadowsocks" }) + o = s:option(Value, _n("tls_serverName"), translate("Domain")) o:depends({ [_n("tls")] = true }) o:depends({ [_n("protocol")] = "hysteria"}) diff --git a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua index 06ebb558..480e987b 100644 --- a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua +++ b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua @@ -88,7 +88,7 @@ function gen_outbound(flag, node, tag, proxy_table) end tls = { enabled = true, - disable_sni = false, --不要在 ClientHello 中发送服务器名称. + disable_sni = (node.tls_disable_sni == "1") and true or false, --不要在 ClientHello 中发送服务器名称. server_name = node.tls_serverName, --用于验证返回证书上的主机名,除非设置不安全。它还包含在 ClientHello 中以支持虚拟主机,除非它是 IP 地址。 insecure = (node.tls_allowInsecure == "1") and true or false, --接受任何服务器证书。 alpn = alpn, --支持的应用层协议协商列表,按优先顺序排列。如果两个对等点都支持 ALPN,则选择的协议将是此列表中的一个,如果没有相互支持的协议则连接将失败。 diff --git a/luci-app-passwall2/po/zh-cn/passwall2.po b/luci-app-passwall2/po/zh-cn/passwall2.po index 2b6784be..9a276018 100644 --- a/luci-app-passwall2/po/zh-cn/passwall2.po +++ b/luci-app-passwall2/po/zh-cn/passwall2.po @@ -1174,6 +1174,9 @@ msgstr "原版Trojan只支持'tls',请选择'tls'。" msgid "Transfer mode" msgstr "传输模式" +msgid "Do not send server name in ClientHello." +msgstr "不要在 ClientHello 中发送服务器名称." + msgid "Domain" msgstr "域名"