package xray.transport.internet.tls

Get desktop application:
View/edit binary Protocol Buffers messages

Used in: Config

bytes certificate = 1
TLS certificate in x509 format.
bytes key = 2
TLS key in x509 format.
Certificate.Usage usage = 3
uint64 ocsp_stapling = 4
string certificate_path = 5
TLS certificate path
string key_path = 6
TLS Key path
bool One_time_loading = 7
If true, one-Time Loading
bool build_chain = 8

Used in: Certificate

ENCIPHERMENT = 0
AUTHORITY_VERIFY = 1
AUTHORITY_ISSUE = 2

bool allow_insecure = 1
Whether or not to allow self-signed certificates.
repeated Certificate certificate = 2
List of certificates to be served on server.
string server_name = 3
Override server name.
repeated string next_protocol = 4
Lists of string as ALPN values.
bool enable_session_resumption = 5
Whether or not to enable session (ticket) resumption.
bool disable_system_root = 6
If true, root certificates on the system will not be loaded for verification.
string min_version = 7
The minimum TLS version.
string max_version = 8
The maximum TLS version.
string cipher_suites = 9
Specify cipher suites, except for TLS 1.3.
string fingerprint = 11
TLS Client Hello fingerprint (uTLS).
bool reject_unknown_sni = 12
repeated bytes pinned_peer_certificate_chain_sha256 = 13
@Document Some certificate chain sha256 hashes. @Document After normal validation or allow_insecure, if the server's cert chain hash does not match any of these values, the connection will be aborted. @Critical
repeated bytes pinned_peer_certificate_public_key_sha256 = 14
@Document Some certificate public key sha256 hashes. @Document After normal validation (required), if one of certs in verified chain matches one of these values, the connection will be eventually accepted. @Critical
string master_key_log = 15
repeated string curve_preferences = 16
Lists of string as CurvePreferences values.
repeated string verify_peer_cert_in_names = 17
@Document Replaces server_name to verify the peer cert. @Document After allow_insecure (automatically), if the server's cert can't be verified by any of these names, pinned_peer_certificate_chain_sha256 will be tried. @Critical

package xray.transport.internet.tls

message Certificate

bytes certificate = 1

bytes key = 2

Certificate.Usage usage = 3

uint64 ocsp_stapling = 4

string certificate_path = 5

string key_path = 6

bool One_time_loading = 7

bool build_chain = 8

enum Certificate.Usage

ENCIPHERMENT = 0

AUTHORITY_VERIFY = 1

AUTHORITY_ISSUE = 2

message Config

bool allow_insecure = 1

repeated Certificate certificate = 2

string server_name = 3

repeated string next_protocol = 4

bool enable_session_resumption = 5

bool disable_system_root = 6

string min_version = 7

string max_version = 8

string cipher_suites = 9

string fingerprint = 11

bool reject_unknown_sni = 12

repeated bytes pinned_peer_certificate_chain_sha256 = 13

repeated bytes pinned_peer_certificate_public_key_sha256 = 14

string master_key_log = 15

repeated string curve_preferences = 16

repeated string verify_peer_cert_in_names = 17