Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2875) is ready to test on iOS.
What to Test:
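* Starting with this version, external resources are limited to a maximum size of 10 MB, to prevent abnormal external resources from exceeding the memory limit (domain-set excepted).
New proxy protocol supported: Hysteria 2. Hysteria 2 is a proxy protocol optimized for unstable, lossy network environments, based on UDP/QUIC.
Configuration example:
Proxy = hysteria2, 192.168.20.62, 443, password=pwd, sni=test.com, download-bandwidth 0
All TLS-related parameters are supported in the configuration. download-bandwidth is optional but recommended; the unit is Mbps.
Tips:
- Hysteria 2's Brutal congestion control algorithm is optimized by having the user supply their bandwidth limit as a parameter. For details on Hysteria's congestion control strategy, see the project documentation: https://v2.hysteria.network/zh/docs/misc/Hysteria-Brutal/
- This parameter should be set to the smaller of the user's current network bandwidth limit and the server's bandwidth limit.
- When the download-bandwidth parameter is not provided, Hysteria 2 falls back to the BBR congestion control algorithm; in that case Hysteria should perform almost identically to TUIC and other QUIC-based protocols.
- Surge does not support the client-side (i.e. upload) Brutal congestion control algorithm.
- UDP forwarding support is not yet complete in this version and no UI configuration is provided yet; both will come in later versions.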
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2398
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2399
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2400
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2878) is ready to test on iOS.
What to Test:
- Fixed an error that could occur when using the Hysteria 2 protocol
Forwarded from 整点猫咪Channel (🐈🐈⬛🐈⬛整点猫咪️ ️)
Manually setting up the Hysteria2 protocol for use with Surge
https://surge.tel/21/2816/
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2401
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) for the Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2879) is ready to test on iOS.
What to Test:
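* Fixed an issue where a rule set's external resource, once updated, needed to be redone before taking effect
* After a network switch, existing long-lived DoH/DoQ/DoH3 connections are now forcibly terminated, to avoid obtaining results that do not suit the current network environment
* Completed ECN (Explicit Congestion Notification) support for the Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments. (It may also help Hysteria2's BBR mode; untested.)
1. Specifically, the time to reach maximum bandwidth (ramp-up) is noticeably shorter, and the maximum bandwidth also improves somewhat.
2. ECN requires support from the server and from every network device on the path; in general it is supported by default. It has no effect when a proxy chain is used.
3. On the proxy's detail page (long-press a policy in the policy group list to open it), you can directly view whether ECN is in effect for the TUIC protocol. You can also confirm it yourself with a packet capture.
4. The optimization for Surge Ponte requires updating Surge Mac as well, and applies only to non-proxy relay mode.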
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2402
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) for the Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2403
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) for the Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2404
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) for the Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2881) is ready to test on iOS.
What to Test:
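Because ECN's network compatibility has fallen short of expectations, the ECN feature is now enabled manually.
- It can be enabled for a TUIC or Hysteria2 policy by configuring ecn=true
- ECN support on Ponte client devices can be enabled with the following configuration; it is enabled by default on the Ponte server
[Ponte]
client-ecn = true
- DoQ and DoH3 provide no parameter, and there is no need to enable ECN for them; it has been turned off in this version.
If things stop working after ECN is enabled, there is an ECN-incompatible device on the path to the server. We are considering adding a per-network switch in Subnet Settings.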
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2406
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2882) is ready to test on iOS.
What to Test:
- Added a UI switch for the ECN feature
- Fixed some bugs
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2407
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2408
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2409
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2884) is ready to test on iOS.
What to Test:
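Until now, Surge iOS/macOS has taken over system requests in a proxy-first manner, with the VIF as a supplement. This has several advantages:
1. When requests are taken over in proxy mode, the app and Surge communicate over a loopback socket. Because no TCP reassembly is needed in userspace, proxy takeover mode is more efficient than VIF mode.
2. When a request is taken over through HTTP proxy mode, it must be an HTTP/HTTPS request (with a few possible exceptions under HTTP CONNECT). This lets Surge handle it directly with the HTTP/MITM engine. If the VIF takes it over instead, there is no way to be absolutely sure whether it is HTTP/HTTPS; Surge can only guess from the port number and packet characteristics.
3. Besides making the modification features available, takeover by the HTTP engine also lets Surge send the client's first packet during connection establishment when it opens the outbound connection, i.e. 0-RTT, reducing handshake latency.
However, more and more apps have begun detecting the system proxy settings and refusing to work. This is a security measure that is both unprofessional and unnecessary: on the one hand, proxy settings are a very common configuration in some large enterprises; on the other hand, even without a proxy set, traffic can still be hijacked or modified through a VIF or even an upstream router. If an app cares about traffic security, it should correctly use security measures such as Certificate Pinning rather than making things difficult for users over proxy settings.
But because the number of users who use proxies is indeed too small to influence vendors' decisions, we have had to compromise. Surge iOS will switch to a VIF-takeover-first working mode to get around this problem. During the current testing phase this mode is forced; the proxy-mode-first option will be reopened later. If an app stops working properly after this version, please report it.
At the same time, the way the VIF engine works has been optimized to cope with this change:
1. For requests sent to ports 80/443, Surge waits for the client to send its first packet, then decides how to handle the request based on whether it is a valid HTTP/TLS request. If it is not a valid HTTP request, or no first packet is received within 300ms, it falls back to TCP forwarding mode. As a result, requests on port 80 no longer need the force-http-engine-hosts parameter.
2. TLS Client Hello messages are automatically recognized and the SNI is extracted; the next version will add SNI-based rules and MITM hostname matching.
Other notes:
1. Protocol auto-detection is currently enabled only for ports 80/443, because in some protocols the server sends data first (such as SSH, IMAP and FTP), and waiting for client data before proceeding would add unnecessary delay to those requests. HTTP requests on other ports still need force-http-engine-hosts configured if they are to be handled by the HTTP engine.
2. MITM still requires hostnames to be configured to enable it, but the tcp-connection parameter is no longer needed; it takes effect for TCP requests by default.
3. After this change, because HTTP/HTTPS requests taken over by the VIF are automatically handled by the HTTP engine, handshake latency for HTTP/HTTPS requests is lower than with the previous manually configured VIF Only compatibility mode. (This is because early data can be correctly recognized and constructed to complete a 0-RTT handshake, which was previously supported only in proxy mode.)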