anytls 0.3.2

A proxy protocol that attempts to mitigate the TLS in TLS fingerprinting problem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

# Frequently Asked Questions


## General Questions


### What is AnyTLS?


AnyTLS is a proxy protocol designed to mitigate TLS in TLS fingerprinting issues. It uses flexible packet splitting and padding strategies to make traffic patterns less detectable.

### Why Rust?


This is a Rust implementation of the AnyTLS protocol, providing better performance and memory safety compared to the original Go implementation.

### How does it work?


AnyTLS works by:
1. Establishing a TLS connection between client and server
2. Using custom padding schemes to obfuscate traffic patterns
3. Implementing connection reuse to reduce latency
4. Supporting both TCP and UDP (via UDP over TCP) proxying

## Installation


### Building from Source


```bash
git clone https://github.com/anytls/anytls-rs
cd anytls-rs
cargo build --release
```

### Dependencies


- Rust 1.70+
- OpenSSL or equivalent TLS library
- Tokio runtime

## Configuration


### Client Configuration


```bash
./anytls-client -l 127.0.0.1:1080 -s server:8443 -p password
```

### Server Configuration


```bash
./anytls-server -l 0.0.0.0:8443 -p password
```

### Advanced Options


- `--sni`: Set SNI for TLS connection
- `--padding-scheme`: Load custom padding scheme file
- `--log-level`: Set logging level

## Troubleshooting


### Connection Issues


1. Check firewall settings
2. Verify server address and port
3. Ensure password matches between client and server
4. Check TLS certificate validity

### Performance Issues


1. Adjust padding scheme for your network conditions
2. Tune connection reuse parameters
3. Monitor memory usage and connection counts

### Debugging


Enable debug logging:
```bash
RUST_LOG=debug ./anytls-client -l 127.0.0.1:1080 -s server:8443 -p password
```

## Protocol Compatibility


### Version Support


- Protocol Version 1: Basic functionality
- Protocol Version 2: Enhanced timeout handling and heartbeat

### Client Compatibility


- AnyTLS-RS Client: Full support
- Sing-box: Via anytls plugin
- Mihomo: Via anytls plugin
- Shadowrocket: 2.2.65+

## Security Considerations


### Password Security


- Use strong, random passwords
- Consider using environment variables for passwords
- Rotate passwords regularly

### TLS Security


- Use valid TLS certificates
- Consider using custom CA certificates
- Monitor for certificate expiration

### Network Security


- Run server behind firewall
- Use non-standard ports when possible
- Monitor for unusual traffic patterns

## Performance Tuning


### Connection Reuse


Adjust these parameters for your use case:
- `idleSessionCheckInterval`: How often to check for idle sessions
- `idleSessionTimeout`: How long to keep idle sessions
- `minIdleSession`: Minimum number of idle sessions to maintain

### Padding Scheme


Customize padding scheme based on:
- Network latency
- Bandwidth requirements
- Detection avoidance needs

## Contributing


### Development Setup


1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests
5. Submit a pull request

### Code Style


- Follow Rust conventions
- Use `cargo fmt` for formatting
- Use `cargo clippy` for linting
- Add documentation for public APIs

## License


This project is licensed under the MIT License. See LICENSE file for details.

## Support


- GitHub Issues: For bug reports and feature requests
- Discussions: For general questions and community support
- Documentation: Check the docs/ directory for detailed information