[GH-ISSUE #4599] TCP使用transport.proxyProtocolVersion = "v2"后，无法建立SSL连接

gitea-mirror commented

2026-05-05 14:20:02 -06:00

Owner

Copy link

Originally created by @tilongzs on GitHub (Dec 19, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/4599

Bug Description

我使用Libevent库支持SSL加密TCP传输，不使用transport.proxyProtocolVersion = "v2"时能正常通讯，加了之后，连接在Accept成功后立即就报错断开了。
因为服务端程序没有收到任何数据，我怀疑是在TCP连接建立成功后，“会先发送一段 Proxy Protocol 的协议内容给本地服务”，导致SSL握手失败。

frpc Version

0.61.1

frps Version

0.61.1

System Architecture

linux/amd64

Configurations

serverAddr = "xxx.xxx.xxx.xxx"
serverPort = 20000
auth.token = "xxxxxxxxxx"

proxies
name = "ServerA"
type = "tcp"
localIP = "0.0.0.0"
localPort = 20001
remotePort = 20001
transport.proxyProtocolVersion = "v2"

Logs

2024-12-19 17:54:03.993 [D] [proxy/proxy_wrapper.go:260] [e555b1af2a2e6fbb] [CenterServer] start a new work connection, localAddr: 192.168.100.10:33632 remoteAddr: xxx.xxx.xxx.xxx:20000
2024-12-19 17:54:03.993 [D] [proxy/proxy.go:210] [e555b1af2a2e6fbb] [CenterServer] join connections, localConn(l[127.0.0.1:47878] r[127.0.0.1:20001]) workConn(l[192.168.100.10:33632] r[xxx.xxx.xxx.xxx:20000])
2024-12-19 17:54:04.002 [D] [proxy/proxy.go:222] [e555b1af2a2e6fbb] [CenterServer] join connections closed

Steps to reproduce

...

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @tilongzs on GitHub (Dec 19, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/4599 ### Bug Description 我使用Libevent库支持SSL加密TCP传输，不使用transport.proxyProtocolVersion = "v2"时能正常通讯，加了之后，连接在Accept成功后立即就报错断开了。因为服务端程序没有收到任何数据，我怀疑是在TCP连接建立成功后，“会先发送一段 Proxy Protocol 的协议内容给本地服务”，导致SSL握手失败。 ### frpc Version 0.61.1 ### frps Version 0.61.1 ### System Architecture linux/amd64 ### Configurations serverAddr = "xxx.xxx.xxx.xxx" serverPort = 20000 auth.token = "xxxxxxxxxx" [[proxies]] name = "ServerA" type = "tcp" localIP = "0.0.0.0" localPort = 20001 remotePort = 20001 transport.proxyProtocolVersion = "v2" ### Logs 2024-12-19 17:54:03.993 [D] [proxy/proxy_wrapper.go:260] [e555b1af2a2e6fbb] [CenterServer] start a new work connection, localAddr: 192.168.100.10:33632 remoteAddr: xxx.xxx.xxx.xxx:20000 2024-12-19 17:54:03.993 [D] [proxy/proxy.go:210] [e555b1af2a2e6fbb] [CenterServer] join connections, localConn(l[127.0.0.1:47878] r[127.0.0.1:20001]) workConn(l[192.168.100.10:33632] r[xxx.xxx.xxx.xxx:20000]) 2024-12-19 17:54:04.002 [D] [proxy/proxy.go:222] [e555b1af2a2e6fbb] [CenterServer] join connections closed ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [X] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror closed this issue

2026-05-05 14:20:03 -06:00

gitea-mirror commented

2026-05-05 14:20:05 -06:00

Author

Owner

Copy link

@xqzr commented on GitHub (Dec 20, 2024):

本地服务需要实现“Proxy Protocol”

@xqzr commented on GitHub (Dec 20, 2024): 本地服务需要实现“Proxy Protocol”

gitea-mirror commented

2026-05-05 14:20:05 -06:00

Author

Owner

Copy link

@tilongzs commented on GitHub (Dec 22, 2024):

本地服务需要实现“Proxy Protocol”

我知道这个，在建立连接成功后去解析。在不使用SSL时，是能解析出来的。一旦使用SSL，还没到接收数据去解析的那一步，连接就自动断开了。
如果我猜测没错的话，那就是要TCP连接建立成功后，要么Libevent先解析“Proxy Protocol”后再进行SSL握手，要么frp等待SSL握手成功后再发送“Proxy Protocol”数据让我解析。

@tilongzs commented on GitHub (Dec 22, 2024): > 本地服务需要实现“Proxy Protocol” 我知道这个，在建立连接成功后去解析。在不使用SSL时，是能解析出来的。一旦使用SSL，还没到接收数据去解析的那一步，连接就自动断开了。如果我猜测没错的话，那就是要TCP连接建立成功后，要么Libevent先解析“Proxy Protocol”后再进行SSL握手，要么frp等待SSL握手成功后再发送“Proxy Protocol”数据让我解析。

gitea-mirror commented

2026-05-05 14:20:06 -06:00

Author

Owner

Copy link

@tilongzs commented on GitHub (Dec 22, 2024):

发现修改使用Libevent的accept流程，先解析“Proxy Protocol”后再进行SSL握手可以解决。

@tilongzs commented on GitHub (Dec 22, 2024): 发现修改使用Libevent的accept流程，先解析“Proxy Protocol”后再进行SSL握手可以解决。

No Branch/Tag specified