back to home

XTLS / REALITY

THE NEXT FUTURE

4,860 stars
411 forks
3 issues
Go
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing XTLS/REALITY in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Source files are only loaded when you start an analysis to optimize performance.
Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind.in/repo/XTLS/REALITY)
Preview:Analyzed by RepoMind

Repository Overview (README excerpt)

Crawler view

REALITY THE NEXT FUTURE Server side implementation of REALITY protocol, a fork of package tls in latest Go. For client side, please follow https://github.com/XTLS/Xray-core/blob/main/transport/internet/reality/reality.go. TODO List: TODO Donation & NFTs Collect a Project X NFT to support the development of Project X! • **ETH/USDT/USDC: ** • **Project X NFT: https://opensea.io/item/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1** • **VLESS NFT: https://opensea.io/collection/vless** • **REALITY NFT: https://opensea.io/item/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2** • **Related links: VLESS Post-Quantum Encryption, XHTTP: Beyond REALITY, Announcement of NFTs by Project X** VLESS-XTLS-uTLS-REALITY example for Xray-core 中文 | English 若用 REALITY 取代 TLS,**可消除服务端 TLS 指纹特征**,仍有前向保密性等,**且证书链攻击无效,安全性超越常规 TLS** **可以指向别人的网站**,无需自己买域名、配置 TLS 服务端,更方便,**实现向中间人呈现指定 SNI 的全程真实 TLS** 通常代理用途,目标网站最低标准:**国外网站,支持 TLSv1.3 与 H2,域名非跳转用**(主域名可能被用于跳转到 www) 加分项:IP 相近(更像,且延迟低),Server Hello 后的握手消息一起加密(如 dl.google.com),有 OCSP Stapling 配置加分项:**禁回国流量,TCP/80、UDP/443 也转发**(REALITY 对外表现即为端口转发,目标 IP 冷门或许更好) **REALITY 也可以搭配 XTLS 以外的代理协议使用**,但不建议这样做,因为它们存在明显且已被针对的 TLS in TLS 特征 REALITY 的下一个主要目标是“**预先构建模式**”,即提前采集目标网站特征,XTLS 的下一个主要目标是 **0-RTT** REALITY 客户端应当收到由“**临时认证密钥**”签发的“**临时可信证书**”,但以下三种情况会收到目标网站的真证书: • REALITY 服务端拒绝了客户端的 Client Hello,流量被导入目标网站 • 客户端的 Client Hello 被中间人重定向至目标网站 • 中间人攻击,可能是目标网站帮忙,也可能是证书链攻击 REALITY 客户端可以完美区分临时可信证书、真证书、无效证书,并决定下一步动作: • 收到临时可信证书时,连接可用,一切如常 • 收到真证书时,进入爬虫模式 • 收到无效证书时,TLS alert,断开连接 Stargazers over time