diff --git a/docs/configuration/shared/tls.md b/docs/configuration/shared/tls.md index 9a02bbff..18b4cfe5 100644 --- a/docs/configuration/shared/tls.md +++ b/docs/configuration/shared/tls.md @@ -12,6 +12,9 @@ "certificate_path": "", "key": [], "key_path": "", + "clientAuth": false, + "clientCA": [], + "clientCA_path": "", "acme": { "domain": [], "data_directory": "", @@ -64,8 +67,13 @@ "min_version": "", "max_version": "", "cipher_suites": [], - "certificate": "", + "certificate": [], "certificate_path": "", + "clientAuth": false, + "client_key": [], + "client_key_path": "", + "client_certificate": [], + "client_certificate_path": "", "ech": { "enabled": false, "pq_signature_schemes_enabled": false, @@ -189,6 +197,46 @@ The server private key line array, in PEM format. The path to the server private key, in PEM format. +#### clientAuth + +Enable TLS Client Authentication + +#### clientCA + +==Server only== + +The server's client CA Certificate line array, in PEM format. + +#### clientCA_path + +==Server only== + +The path to the server's client CA certificate, in PEM format. + +#### client_certificate + +==Client only== + +The client certificate line array, in PEM format. + +#### certificate_path + +==Client only== + +The path to the client certificate, in PEM format. + +#### client_key + +==Client only== + +The client private key line array, in PEM format. + +#### client_key_path + +==Client only== + +The path to the client private, in PEM format. + ## Custom TLS support !!! info "QUIC support" @@ -245,7 +293,7 @@ It is recommended to match the parameters of `sing-box generate ech-keypair`. Disables adaptive sizing of TLS records. -When true, the largest possible TLS record size is always used. +When true, the largest possible TLS record size is always used. When false, the size of TLS records may be adjusted in an attempt to improve latency. #### key @@ -405,4 +453,4 @@ Check disabled if empty. ### Reload -For server configuration, certificate, key and ECH key will be automatically reloaded if modified. \ No newline at end of file +For server configuration, certificate, key and ECH key will be automatically reloaded if modified. diff --git a/docs/configuration/shared/tls.zh.md b/docs/configuration/shared/tls.zh.md index bbb08719..8756a207 100644 --- a/docs/configuration/shared/tls.zh.md +++ b/docs/configuration/shared/tls.zh.md @@ -12,6 +12,9 @@ "certificate_path": "", "key": [], "key_path": "", + "clientAuth": false, + "clientCA": [], + "clientCA_path": "", "acme": { "domain": [], "data_directory": "", @@ -66,9 +69,14 @@ "cipher_suites": [], "certificate": [], "certificate_path": "", + "clientAuth": false, + "client_key": [], + "client_key_path": "", + "client_certificate": [], + "client_certificate_path": "", "ech": { "enabled": false, - "pq_signature_schemes_enabled": false, + "pqignature_schemes_enabled": false, "dynamic_record_sizing_disabled": false, "config": [], "config_path": "" @@ -189,6 +197,46 @@ TLS 版本值: 服务器 PEM 私钥路径。 +#### clientAuth + +启用客户端验证 + +#### clientCA + +==仅服务器== + +服务器 PEM 验证客户端 CA 证书行数组 + +#### clientCA_path + +==仅服务器== + +服务器 PEM 验证客户端 CA 证书路径 + +#### client_certificate + +==仅客户端== + +客户端 PEM 证书行数组。 + +#### certificate_path + +==仅客户端== + +客户端 PEM 证书路径。 + +#### client_key + +==仅客户端== + +客户端 PEM 私钥行数组。 + +#### client_key_path + +==仅客户端== + +客户端 PEM 私钥路径。 + #### utls ==仅客户端== @@ -394,4 +442,4 @@ ACME DNS01 验证字段。如果配置,将禁用其他验证方法。 ### 重载 -对于服务器配置,如果修改,证书和密钥将自动重新加载。 \ No newline at end of file +对于服务器配置,如果修改,证书和密钥将自动重新加载。