Add Network.framework TLS engine

2026-04-13 01:32:48 +08:00
parent 2e64545db4
commit 9b75d28ca4
13 changed files with 8401 additions and 7436 deletions
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -108,6 +108,7 @@ icon: material/new-box
 ```json
 {
  "enabled": true,
+  "engine": "",
  "disable_sni": false,
  "server_name": "",
  "insecure": false,
@@ -188,6 +189,49 @@ Cipher suite values:

 Enable TLS.

+#### engine
+
+==Client only==
+
+TLS engine to use.
+
+Values:
+
+* `go`
+* `apple`
+
+`apple` uses Network.framework, only available on Apple platforms and only supports **direct** TCP TLS client connections.
+
+!!! warning ""
+
+    Experimental only: due to the high memory overhead of both CGO and Network.framework,
+    do not use in proxy paths on iOS and tvOS.
+    If you want to circumvent TLS fingerprint-based proxy censorship,
+    use [NaiveProxy](/configuration/outbound/naive/) instead.
+
+Supported fields:
+
+* `server_name`
+* `insecure`
+* `alpn`
+* `min_version`
+* `max_version`
+* `certificate` / `certificate_path`
+* `certificate_public_key_sha256`
+* `handshake_timeout`
+
+Unsupported fields:
+
+* `disable_sni`
+* `cipher_suites`
+* `curve_preferences`
+* `client_certificate` / `client_certificate_path` / `client_key` / `client_key_path`
+* `fragment` / `record_fragment`
+* `kernel_tx` / `kernel_rx`
+* `ech`
+* `utls`
+* `reality`
+
 #### disable_sni

 ==Client only==
--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@@ -108,6 +108,7 @@ icon: material/new-box
 ```json
 {
  "enabled": true,
+  "engine": "",
  "disable_sni": false,
  "server_name": "",
  "insecure": false,
@@ -188,6 +189,48 @@ TLS 版本值：

 启用 TLS

+#### engine
+
+==仅客户端==
+
+要使用的 TLS 引擎。
+
+可用值：
+
+* `go`
+* `apple`
+
+`apple` 使用 Network.framework，仅在 Apple 平台可用，且仅支持 **直接** TCP TLS 客户端连接。
+
+!!! warning ""
+
+    仅供实验用途：由于 CGO 和 Network.framework 占用的内存都很多，
+    不应在 iOS 和 tvOS 的代理路径中使用。
+    如果您想规避基于 TLS 指纹的代理审查，应使用 [NaiveProxy](/zh/configuration/outbound/naive/)。
+
+支持的字段：
+
+* `server_name`
+* `insecure`
+* `alpn`
+* `min_version`
+* `max_version`
+* `certificate` / `certificate_path`
+* `certificate_public_key_sha256`
+* `handshake_timeout`
+
+不支持的字段：
+
+* `disable_sni`
+* `cipher_suites`
+* `curve_preferences`
+* `client_certificate` / `client_certificate_path` / `client_key` / `client_key_path`
+* `fragment` / `record_fragment`
+* `kernel_tx` / `kernel_rx`
+* `ech`
+* `utls`
+* `reality`
+
 #### disable_sni

 ==仅客户端==