Skip to content

TLS

TLS is a data channel type in GOST.

TLS Certificate Configuration

For TLS configuration, please refer to TLS configuration

Standard TLS Service

gost -L tls://:8443
services:
- name: service-0
  addr: :
  handler:
    type: auto
  listener:
    type: tls

Multiplexing

GOST extends TLS with multiplexing feature (mtls). Multiplexing is based on xtaci/smux library.

gost -L mtls://:8443
services:
- name: service-0
  addr: :
  handler:
    type: auto
  listener:
    type: mtls
    metadata:
      mux.version: 1

Options

mux.version (int, default=1)
SMUX protocol version.
mux.keepaliveDisabled (bool, default=false)
Whether to disable heartbeat.
mux.keepaliveInterval (duration, default=10s)
Heartbeat interval.
mux.keepaliveTimeout (duration, default=30s)
Heartbeat timeout.
mux.maxFrameSize (int, default=32768)
Maximum frame length.
mux.maxReceiveBuffer (int, default=4194304)
Receive buffer size.
mux.maxStreamBuffer (int, default=65536)
Steam Buffer Size.

Proxy

TLS data channel can be used in combination with various proxy protocols.

HTTP Over TLS

gost -L http+tls://:8443
services:
- name: service-0
  addr: :8443
  handler:
    type: http
  listener:
    type: tls
    # type: mtls

SOCKS5 Over TLS

gost -L socks5+tls://:8443
services:
- name: service-0
  addr: :8443
  handler:
    type: socks5
  listener:
    type: tls
    # type: mtls

Relay Over TLS

gost -L relay+tls://:8443
services:
- name: service-0
  addr: :8443
  handler:
    type: relay
  listener:
    type: tls
    # type: mtls

Port Forwarding

TLS tunnel can also be used for port forwarding, which is equivalent to adding TLS encryption on top of TCP port forwarding services.

Server

gost -L tls://:8443/:8080 -L http://:8080

is equivalent to

gost -L forward+tls://:8443/:8080 -L http://:8080
services:
- name: service-0
  addr: :8443
  handler:
    type: forward
  listener:
    type: tls
  forwarder:
    nodes:
    - name: target-0
      addr: :8080
- name: service-1
  addr: :8080
  handler:
    type: http
  listener:
    type: tcp

By using port forwarding of the TLS data channel, a TLS encrypted data channel is added to the HTTP proxy service on port 8080.

At this time, port 8443 is equivalent to:

gost -L http+tls://:8443

Comments