diff --git a/component/ca/config.go b/component/ca/config.go
index 3589b77b..d93c7937 100644
--- a/component/ca/config.go
+++ b/component/ca/config.go
@@ -12,6 +12,7 @@ import (
 "github.com/metacubex/mihomo/common/once"
 C "github.com/metacubex/mihomo/constant"
+ "github.com/metacubex/mihomo/ntp"
 )
 var globalCertPool *x509.CertPool
@@ -110,6 +111,7 @@ func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) {
 if tlsConfig == nil {
 tlsConfig = &tls.Config{}
 }
+ tlsConfig.Time = ntp.Now
 if opt.ZeroTrust {
 tlsConfig.RootCAs = zeroTrustCertPool()
diff --git a/hub/route/server.go b/hub/route/server.go
index 94e3a922..a3afdfc5 100644
--- a/hub/route/server.go
+++ b/hub/route/server.go
@@ -20,6 +20,7 @@ import (
 tlsC "github.com/metacubex/mihomo/component/tls"
 C "github.com/metacubex/mihomo/constant"
 "github.com/metacubex/mihomo/log"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/tunnel/statistic"
 "github.com/go-chi/chi/v5"
@@ -201,7 +202,7 @@ func startTLS(cfg *Config) {
 }
 log.Infoln("RESTful API tls listening at: %s", l.Addr().String())
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 tlsConfig.NextProtos = []string{"h2", "http/1.1"}
 tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
diff --git a/listener/anytls/server.go b/listener/anytls/server.go
index ccbc47a2..6c6995c9 100644
--- a/listener/anytls/server.go
+++ b/listener/anytls/server.go
@@ -17,6 +17,7 @@ import (
 C "github.com/metacubex/mihomo/constant"
 LC "github.com/metacubex/mihomo/listener/config"
 "github.com/metacubex/mihomo/listener/sing"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/anytls/padding"
 "github.com/metacubex/mihomo/transport/anytls/session"
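Review bot: In component/ca/config.go, the added `tlsConfig.Time = ntp.Now` in GetTLSConfig is assigned unconditionally, so a `Time` already present on a config that reaches this point non-nil (the `if tlsConfig == nil` check just above suggests that can happen) is silently replaced; `if tlsConfig.Time == nil { tlsConfig.Time = ntp.Now }` would preserve it. In crypto/tls, `Config.Time` supplies the current time for certificate verification, so after this change expiry and not-yet-valid decisions follow whatever offset the ntp package applies. How that offset is obtained and bounded is not visible in this diff; if it comes from unauthenticated NTP, a comment on this line should state that trust assumption. GetTLSConfig starts and ends outside the hunk.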
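Review bot: In hub/route/server.go (startTLS), `&tlsC.Config{Time: ntp.Now}` is the first of ten hand-written copies of the same initialisation; the others are in the anytls, http, mixed, sing_hysteria2, sing_vless, sing_vmess, socks, trojan and tuic listeners. A single constructor in the tlsC package that returns a config with `Time` already set would keep a future listener from omitting the field. listener/sing_vmess/server.go has no import hunk in this diff, so `ntp` is presumably already imported there; worth confirming the file builds.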
@@ -42,7 +43,7 @@ func New(config LC.AnyTLSServer, tunnel C.Tunnel, additions ...inbound.Addition)
 }
 }
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 if config.Certificate != "" && config.PrivateKey != "" {
 cert, err := ca.LoadTLSKeyPair(config.Certificate, config.PrivateKey, C.Path)
 if err != nil {
diff --git a/listener/http/server.go b/listener/http/server.go
index bacfa844..d4f2396a 100644
--- a/listener/http/server.go
+++ b/listener/http/server.go
@@ -12,6 +12,7 @@ import (
 authStore "github.com/metacubex/mihomo/listener/auth"
 LC "github.com/metacubex/mihomo/listener/config"
 "github.com/metacubex/mihomo/listener/reality"
+ "github.com/metacubex/mihomo/ntp"
 )
 type Listener struct {
@@ -65,7 +66,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
 return nil, err
 }
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 var realityBuilder *reality.Builder
 if config.Certificate != "" && config.PrivateKey != "" {
diff --git a/listener/mixed/mixed.go b/listener/mixed/mixed.go
index d9d99eca..71759278 100644
--- a/listener/mixed/mixed.go
+++ b/listener/mixed/mixed.go
@@ -16,6 +16,7 @@ import (
 "github.com/metacubex/mihomo/listener/http"
 "github.com/metacubex/mihomo/listener/reality"
 "github.com/metacubex/mihomo/listener/socks"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/socks4"
 "github.com/metacubex/mihomo/transport/socks5"
 )
@@ -61,7 +62,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
 return nil, err
 }
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 var realityBuilder *reality.Builder
 if config.Certificate != "" && config.PrivateKey != "" {
diff --git a/listener/sing_hysteria2/server.go b/listener/sing_hysteria2/server.go
index 849ed445..b12953b8 100644
--- a/listener/sing_hysteria2/server.go
+++ b/listener/sing_hysteria2/server.go
@@ -20,6 +20,7 @@ import (
 LC "github.com/metacubex/mihomo/listener/config"
 "github.com/metacubex/mihomo/listener/sing"
 "github.com/metacubex/mihomo/log"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/sing-quic/hysteria2"
@@ -61,6 +62,7 @@ func New(config LC.Hysteria2Server, tunnel C.Tunnel, additions ...inbound.Additi
 return nil, err
 }
 tlsConfig := &tlsC.Config{
+ Time: ntp.Now,
 MinVersion: tlsC.VersionTLS13,
 }
 tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
diff --git a/listener/sing_vless/server.go b/listener/sing_vless/server.go
index d4fc3973..efd66026 100644
--- a/listener/sing_vless/server.go
+++ b/listener/sing_vless/server.go
@@ -15,6 +15,7 @@ import (
 LC "github.com/metacubex/mihomo/listener/config"
 "github.com/metacubex/mihomo/listener/reality"
 "github.com/metacubex/mihomo/listener/sing"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/gun"
 "github.com/metacubex/mihomo/transport/vless/encryption"
 mihomoVMess "github.com/metacubex/mihomo/transport/vmess"
@@ -75,7 +76,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 }()
 }
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 var realityBuilder *reality.Builder
 var httpServer http.Server
diff --git a/listener/sing_vmess/server.go b/listener/sing_vmess/server.go
index 0b4d013a..def2ed6e 100644
--- a/listener/sing_vmess/server.go
+++ b/listener/sing_vmess/server.go
@@ -76,7 +76,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 sl = &Listener{false, config, nil, service}
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 var realityBuilder *reality.Builder
 var httpServer http.Server
diff --git a/listener/socks/tcp.go b/listener/socks/tcp.go
index 33cf02f0..22058e5a 100644
--- a/listener/socks/tcp.go
+++ b/listener/socks/tcp.go
@@ -15,6 +15,7 @@ import (
 authStore "github.com/metacubex/mihomo/listener/auth"
 LC "github.com/metacubex/mihomo/listener/config"
 "github.com/metacubex/mihomo/listener/reality"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/socks4"
 "github.com/metacubex/mihomo/transport/socks5"
 )
@@ -60,7 +61,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
 return nil, err
 }
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 var realityBuilder *reality.Builder
 if config.Certificate != "" && config.PrivateKey != "" {
diff --git a/listener/trojan/server.go b/listener/trojan/server.go
index 3ea7c387..e4a60c98 100644
--- a/listener/trojan/server.go
+++ b/listener/trojan/server.go
@@ -15,6 +15,7 @@ import (
 LC "github.com/metacubex/mihomo/listener/config"
 "github.com/metacubex/mihomo/listener/reality"
 "github.com/metacubex/mihomo/listener/sing"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/gun"
 "github.com/metacubex/mihomo/transport/shadowsocks/core"
 "github.com/metacubex/mihomo/transport/socks5"
@@ -70,7 +71,7 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
 }
 sl = &Listener{false, config, nil, keys, pickCipher, h}
- tlsConfig := &tlsC.Config{}
+ tlsConfig := &tlsC.Config{Time: ntp.Now}
 var realityBuilder *reality.Builder
 var httpServer http.Server
diff --git a/listener/tuic/server.go b/listener/tuic/server.go
index 2037177e..4f65b512 100644
--- a/listener/tuic/server.go
+++ b/listener/tuic/server.go
@@ -14,6 +14,7 @@ import (
 LC "github.com/metacubex/mihomo/listener/config"
 "github.com/metacubex/mihomo/listener/sing"
 "github.com/metacubex/mihomo/log"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/socks5"
 "github.com/metacubex/mihomo/transport/tuic"
@@ -53,6 +54,7 @@ func New(config LC.TuicServer, tunnel C.Tunnel, additions ...inbound.Addition) (
 return nil, err
 }
 tlsConfig := &tlsC.Config{
+ Time: ntp.Now,
 MinVersion: tlsC.VersionTLS13,
 }
 tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
diff --git a/transport/simple-obfs/tls.go b/transport/simple-obfs/tls.go
index a0cbc350..e64dde5d 100644
--- a/transport/simple-obfs/tls.go
+++ b/transport/simple-obfs/tls.go
@@ -6,9 +6,9 @@ import (
 "encoding/binary"
 "io"
 "net"
- "time"
 "github.com/metacubex/mihomo/common/pool"
+ "github.com/metacubex/mihomo/ntp"
 )
 const (
@@ -145,7 +145,7 @@ func makeClientHelloMsg(data []byte, server string) []byte {
 buf.Write([]byte{0x03, 0x03})
 // random with timestamp, sid len, sid
- binary.Write(buf, binary.BigEndian, uint32(time.Now().Unix()))
+ binary.Write(buf, binary.BigEndian, uint32(ntp.Now().Unix()))
 buf.Write(random)
 buf.WriteByte(32)
 buf.Write(sessionID)
diff --git a/transport/ssr/obfs/tls1.2_ticket_auth.go b/transport/ssr/obfs/tls1.2_ticket_auth.go
index d5955edc..3106ace6 100644
--- a/transport/ssr/obfs/tls1.2_ticket_auth.go
+++ b/transport/ssr/obfs/tls1.2_ticket_auth.go
@@ -7,9 +7,9 @@ import (
 "encoding/binary"
 "net"
 "strings"
- "time"
 "github.com/metacubex/mihomo/common/pool"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/ssr/tools"
 "github.com/metacubex/randv2"
@@ -182,7 +182,7 @@ func packData(buf *bytes.Buffer, data []byte) {
 }
 func (t *tls12Ticket) packAuthData(buf *bytes.Buffer) {
- binary.Write(buf, binary.BigEndian, uint32(time.Now().Unix()))
+ binary.Write(buf, binary.BigEndian, uint32(ntp.Now().Unix()))
 tools.AppendRandBytes(buf, 18)
 buf.Write(t.hmacSHA1(buf.Bytes()[buf.Len()-22:])[:10])
 }
diff --git a/transport/ssr/protocol/base.go b/transport/ssr/protocol/base.go
index 79870177..8f03f609 100644
--- a/transport/ssr/protocol/base.go
+++ b/transport/ssr/protocol/base.go
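Review bot: In transport/simple-obfs/tls.go (makeClientHelloMsg) the handshake timestamp now comes from `ntp.Now()`, but nothing at the call site records why the clock source matters; the same holds for packAuthData in transport/ssr/obfs/tls1.2_ticket_auth.go and for putAuthData and putEncryptedData in transport/ssr/protocol/base.go. In packAuthData the timestamp sits inside the 22 bytes covered by the HMAC, so the peer authenticates it, and a wrong offset would presumably surface as a rejected handshake rather than as a local error. A one-line comment at each site, for example `// ntp.Now, not time.Now: the peer checks this timestamp against its own clock`, would keep a later cleanup from reverting the change, assuming that is the intent. makeClientHelloMsg continues outside its hunk.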
@@ -8,10 +8,10 @@ import (
 "encoding/base64"
 "encoding/binary"
 "sync"
- "time"
 "github.com/metacubex/mihomo/common/pool"
 "github.com/metacubex/mihomo/log"
+ "github.com/metacubex/mihomo/ntp"
 "github.com/metacubex/mihomo/transport/shadowsocks/core"
 "github.com/metacubex/randv2"
@@ -49,7 +49,7 @@ func (a *authData) next() *authData {
 }
 func (a *authData) putAuthData(buf *bytes.Buffer) {
- binary.Write(buf, binary.LittleEndian, uint32(time.Now().Unix()))
+ binary.Write(buf, binary.LittleEndian, uint32(ntp.Now().Unix()))
 buf.Write(a.clientID[:])
 binary.Write(buf, binary.LittleEndian, a.connectionID)
 }
@@ -57,7 +57,7 @@ func (a *authData) putAuthData(buf *bytes.Buffer) {
 func (a *authData) putEncryptedData(b *bytes.Buffer, userKey []byte, paddings [2]int, salt string) error {
 encrypt := pool.Get(16)
 defer pool.Put(encrypt)
- binary.LittleEndian.PutUint32(encrypt, uint32(time.Now().Unix()))
+ binary.LittleEndian.PutUint32(encrypt, uint32(ntp.Now().Unix()))
 copy(encrypt[4:], a.clientID[:])
 binary.LittleEndian.PutUint32(encrypt[8:], a.connectionID)
 binary.LittleEndian.PutUint16(encrypt[12:], uint16(paddings[0]))