XTLS and enterprise custom SSL cert #2726
Short answer: Reality cannot connect. Other TLS-in-TLS methods will connect but can be detected easily.

Long answer: This method is simply a man-in-the-middle (MITM) proxy. For example, the client asks for google.com and sends it to the proxy server. The proxy server establishes a TLS connection with google.com and starts receiving encrypted data; then the server forges a certificate for google.com and starts a TLS connection with the client. Because the client already trusts the CA certificate of the proxy, you won't see any red flag in the web browser or other app. In the end, the client receives google.com data with a TLS certificate from the proxy server, not the real certificate of google.com.

With a TLS-in-TLS method, a connection is possible, but the first layer of TLS will be decrypted by the MITM proxy, which reveals the protocol, such as VLESS, inside TLS. Then it will be blocked.

With Reality, the connection will fail, because the Reality client will use its public key for the TLS handshake and not the MITM server's public certificate. Therefore the TLS handshake will fail.
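The trust decision described in the answer above, as an added example that is not part of the original discussion: a client that trusts the inspection CA accepts the proxy-issued certificate, while a client bound to one preconfigured public key rejects it. The host name `example.test`, the two CA names and the SPKI pin check are assumptions used for illustration; the pin check stands in for a key-bound client and is not Reality's actual handshake.

```bash
# Added example; example.test and both CA names are constructed.
set -eu
work=$(mktemp -d)

# SHA-256 over a certificate's SubjectPublicKeyInfo (what a key pin stores).
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Self-signed root CA. $1 = file prefix, $2 = common name.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Leaf for example.test with a fresh key. $1 = file prefix, $2 = issuing CA.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  openssl x509 -req -in "$work/$1.csr" -days 1 -CAcreateserial \
    -CA "$work/$2.crt" -CAkey "$work/$2.key" -out "$work/$1.crt" 2>/dev/null
}

# CA-trust client: accepts any leaf chaining to a root in its store ($1).
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Key-bound client: accepts only the public key it was configured with ($1).
pin_ok() { [ "$(spki_pin "$2")" = "$1" ]; }

make_ca public "Public CA"
make_ca corp "Corp Inspection CA"
issue_leaf origin public   # certificate the real server presents
issue_leaf forged corp     # certificate the inspecting proxy presents
cat "$work/public.crt" "$work/corp.crt" > "$work/store.pem"  # managed device store
pinned=$(spki_pin "$work/origin.crt")  # key the client was configured with

if chain_ok "$work/store.pem" "$work/forged.crt"; then
  echo "CA-trust client: proxy certificate accepted"; fi
if ! pin_ok "$pinned" "$work/forged.crt"; then
  echo "key-bound client: proxy certificate rejected"; fi
```

A device whose store holds only the public root would also reject the proxy certificate, which is why inspection depends on the inspection CA being installed on the client.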
Please tell me, can XTLS Vision+Reality pass SSL/TLS inspection for VPN traffic?
For example:
A) for some time these settings were in Kazakhstan
https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
B) can be used in organizations (NGFW devices Cisco/Fortinet)
Or is it better to use the HTTP method?
Thank you in advance