github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 16:15:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #3992] [Feature Request] Customize the tls.Config used in HTTPProxyConf #3166

New issue
Open
opened 2026-05-05 14:02:59 -06:00 by gitea-mirror · 4 comments
gitea-mirror commented 2026-05-05 14:02:59 -06:00
Owner
Copy link

Originally created by @clarkmcc on GitHub (Feb 14, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/3992

Describe the feature request

After upgrading to Go 1.22 I can no longer initiate proxy connections to some devices using some of the cipher suites deprecated in Go 1.22. I was able to resolve this issue in my application by customizing the cipher suites used in the tls.Config, however, I don't see any ability to do this within FRP.

Is there a solution or workaround? I'm using FRP as an embedded library.

Describe alternatives you've considered

No response

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @clarkmcc on GitHub (Feb 14, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/3992 ### Describe the feature request After upgrading to Go 1.22 I can no longer initiate proxy connections to some devices using some of the cipher suites [deprecated in Go 1.22](https://tip.golang.org/doc/go1.22). I was able to resolve this issue in my application by customizing the cipher suites used in the `tls.Config`, however, I don't see any ability to do this within FRP. Is there a solution or workaround? I'm using FRP as an embedded library. ### Describe alternatives you've considered _No response_ ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [X] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [X] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror added the
proposal
 label 2026-05-05 14:02:59 -06:00
gitea-mirror commented 2026-05-05 14:03:01 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Feb 19, 2024):

By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting.

You can revert to the previous behavior by setting the tlsrsakex=1 GODEBUG environment variable from the release notes of golang?

I do not tend to provide configuration capabilities to use some parameters and capabilities that are deprecated by default in Go.

<!-- gh-comment-id:1951618328 --> @fatedier commented on GitHub (Feb 19, 2024): > By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting. You can revert to the previous behavior by setting the tlsrsakex=1 GODEBUG environment variable from the release notes of golang? I do not tend to provide configuration capabilities to use some parameters and capabilities that are deprecated by default in Go.
gitea-mirror commented 2026-05-05 14:03:02 -06:00
Author
Owner
Copy link

@clarkmcc commented on GitHub (Feb 19, 2024):

The go:debug route isn't a good long term option because it will eventually be removed. I need to maintain compatibility with third-party IoT devices that are older and may not be upgraded.

For the record, I'm not asking for deprecated features, I'm asking for the ability to customize the TLS config used by the HTTP proxy. Being able to customize the TLS config is useful for many things not just compatibility with cipher suites required by older devices.

I was able to work around this by writing my own plugin, similar to how the http2https plugin works.

<!-- gh-comment-id:1951658931 --> @clarkmcc commented on GitHub (Feb 19, 2024): The go:debug route isn't a good long term option because it will eventually be removed. I need to maintain compatibility with third-party IoT devices that are older and may not be upgraded. For the record, I'm not asking for deprecated features, I'm asking for the ability to customize the TLS config used by the HTTP proxy. Being able to customize the TLS config is useful for many things not just compatibility with cipher suites required by older devices. I was able to work around this by writing my own plugin, similar to how the http2https plugin works.
gitea-mirror commented 2026-05-05 14:03:03 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Feb 19, 2024):

frp is currently not a fully functional proxy, so it is not suitable to expose configurations like these. Without the support of a unified architecture, this will only make things more complex and difficult to maintain.

However, in the plan for v2, we hope to introduce more such extension capabilities.

In general, this will not be done in the short term, but it may be supported in the long term.

<!-- gh-comment-id:1951699905 --> @fatedier commented on GitHub (Feb 19, 2024): frp is currently not a fully functional proxy, so it is not suitable to expose configurations like these. Without the support of a unified architecture, this will only make things more complex and difficult to maintain. However, in the plan for v2, we hope to introduce more such extension capabilities. In general, this will not be done in the short term, but it may be supported in the long term.
gitea-mirror commented 2026-05-05 14:03:04 -06:00
Author
Owner
Copy link

@clarkmcc commented on GitHub (Feb 19, 2024):

Sounds good! The plugin system does meet my needs in the short term.

<!-- gh-comment-id:1952860613 --> @clarkmcc commented on GitHub (Feb 19, 2024): Sounds good! The plugin system does meet my needs in the short term.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3166
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?