Signed-off-by: arraykeys@gmail.com <arraykeys@gmail.com>

services/http/http.go

@@ -344,7 +344,6 @@ func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *ut
 			Password: *s.cfg.ParentKey,
 		})
 	}
-
 	outAddr := outConn.RemoteAddr().String()
 	//outLocalAddr := outConn.LocalAddr().String()
 	if req.IsHTTPS() && (!useProxy || *s.cfg.ParentType == "ssh") {
@@ -353,8 +352,8 @@ func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *ut
 	} else {
 		//https或者http,上级是代理,proxy需要转发
 		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		//直连目标或上级非代理,清理HTTP头部的代理头信息
+		//直连目标或上级非代理或非SNI,清理HTTP头部的代理头信息.
-		if !useProxy || *s.cfg.ParentType == "ssh" {
+		if (!useProxy || *s.cfg.ParentType == "ssh") && !req.IsSNI {
 			_, err = outConn.Write(utils.RemoveProxyHeaders(req.HeadBuf))
 		} else {
 			_, err = outConn.Write(req.HeadBuf)

utils/conncrypt/conncrypt.go

@@ -12,8 +12,8 @@ import (
 )
 
 //Confg defaults
-const DefaultIterations = 2048
+const DefaultIterations = 1024
-const DefaultKeySize = 32 //256bits
+const DefaultKeySize = 24 //256bits
 var DefaultHashFunc = sha256.New
 var DefaultSalt = []byte(`
 (;QUHj.BQ?RXzYSO]ifkXp/G!kFmWyXyEV6Nt!d|@bo+N$L9+<d$|g6e26T}

utils/structs.go

@@ -329,6 +329,7 @@ type HTTPRequest struct {
 	isBasicAuth bool
 	basicAuth   *BasicAuth
 	log         *logger.Logger
+	IsSNI       bool
 }
 
 func NewHTTPRequest(inConn *net.Conn, bufSize int, isBasicAuth bool, basicAuth *BasicAuth, log *logger.Logger, header ...[]byte) (req HTTPRequest, err error) {
@@ -360,6 +361,7 @@ func NewHTTPRequest(inConn *net.Conn, bufSize int, isBasicAuth bool, basicAuth *
 		//sni success
 		req.Method = "SNI"
 		req.hostOrURL = "https://" + serverName + ":443"
+		req.IsSNI = true
 	} else {
 		//sni fail , try http
 		index := bytes.IndexByte(req.HeadBuf, '\n')