Merge pull request #97 from v14d4n/feat/masque-configurable-sni

Make masque TLS SNI configurable via server_name
2026-06-26 20:29:03 +03:00 · 2026-06-26 14:39:20 +03:00
parent 2a77348470 7bfad732e2
commit a27453e4f7
3 changed files with 7 additions and 1 deletions
--- a/examples/masque/client.json
+++ b/examples/masque/client.json
@@ -42,6 +42,7 @@
      "congestion_controller": "bbr",
      "cwnd": 0,
      "tls": { // TLS fields for HTTP2
+        "server_name": "", // SNI; empty = default "consumer-masque.cloudflareclient.com"
        "insecure": false,
        "cipher_suites": [],
        "curve_preferences": [],
--- a/option/masque.go
+++ b/option/masque.go
@@ -24,6 +24,7 @@ type MASQUEOutboundOptions struct {
 }

 type MASQUEOutboundTLSOptions struct {
+	ServerName            string                              `json:"server_name,omitempty"`
 	Insecure              bool                                `json:"insecure,omitempty"`
 	CipherSuites          badoption.Listable[string]          `json:"cipher_suites,omitempty"`
 	CurvePreferences      badoption.Listable[CurvePreference] `json:"curve_preferences,omitempty"`
--- a/protocol/masque/outbound.go
+++ b/protocol/masque/outbound.go
@@ -102,7 +102,11 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 			logger.ErrorContext(ctx, E.New("failed to generate cert: ", err))
 			return
 		}
-		tlsConfig, err := tls.NewMASQUEClient(ctx, logger, "consumer-masque.cloudflareclient.com", cert, privKey, peerPubKey, common.PtrValueOrDefault(options.TLS))
+		serverName := cloudflare.ConnectSNI
+		if options.TLS != nil && options.TLS.ServerName != "" {
+			serverName = options.TLS.ServerName
+		}
+		tlsConfig, err := tls.NewMASQUEClient(ctx, logger, serverName, cert, privKey, peerPubKey, common.PtrValueOrDefault(options.TLS))
 		if err != nil {
 			logger.ErrorContext(ctx, E.New("failed to prepare TLS config: ", err))
 			return