Stream
{
"transport":"tcp",
"transportSettings":{},
"security":"none",
"securitySettings":{}
}
transport
: name of<transport>
transportSettings
: settings of<transport>
security
: name of<security>
It has to be one of supported Security Protocol.
securitySettings
: settings of<security>
socketSettings
: SocketConfigObject
Supported Streams
TLS
- Name:
tls
- Type: Security Protocol
- ID:
security.tls
serverName
: string
The server name indication domain name for TLS connection.
nextProtocol
: [string]
The ALPN for TLS connections.
disableSystemRoot
: true | false
Whether system level Certificate Authority Store should be trusted.
pinnedPeerCertificateChainSha256
: [string]
Pinned Peer Certificate Chain SHA256 Hash. Should be represented in base64 format.
certificate
: [CertificateObject]
CertificateObject
usage
: string
The purpose of the certificate.
"ENCIPHERMENT"
: The certificate is used for TLS authentication and encryption."AUTHORITY_VERIFY"
: The certificate is used to verify the remote TLS certificate. When using this option, the current certificate must be a CA certificate."AUTHORITY_VERIFY_CLIENT"
: : The certificate is used to verify the remote TLS client certificate. When using this option, the current certificate must be a CA certificate."AUTHORITY_ISSUE"
: The certificate is used to issue other certificates. When using this option, the current certificate must be a CA certificate.
Certificate
: string
The Certificate file in PEM format.
Key
: string
The Certificate private key file in PEM format.
certificateFile
: string
The path for the Certificate file.
keyFile
: string
The path for the Certificate private key file.
uTLS
- Name:
utls
- Type: Security Protocol
- ID:
security.utls
uTLS is a fork of TLS aimed at trying to imitate the client hello fingerprint of popular TLS implementation to hide the client identity of a Go language program. (v5.2.0+)
It is only supports client mode and in certain transports. If you use it in a context where it is not supported, the process will crash.
uTLS is supported in the following transports:
- TCP
- WebSocket
When you are using uTLS in some transport, the APLN will be overridden for its correct function. It may be a slightly different fingerprint than specified.
tlsConfig
: TLSConfig
The Embedded TLS Setting for uTLS connections. Only some of its field are effective.
Supported Fields:
- Certificate Authority Settings (allowInsecure is ignored)
imitate
: string
The TLS client fingerprint to use for the uTLS connection.
randomized
randomizedalpn
randomizednoalpn
firefox_auto
firefox_55
firefox_56
firefox_63
firefox_65
firefox_99
firefox_102
firefox_105
chrome_auto
chrome_58
chrome_62
chrome_70
chrome_72
chrome_83
chrome_87
chrome_96
chrome_100
chrome_102
ios_auto
ios_11_1
ios_12_1
ios_13
ios_14
android_11_okhttp
edge_auto
edge_85
edge_106
safari_auto
safari_16_0
360_auto
360_7_5
360_11_0
qq_auto
qq_11_1
noSNI
: bool
Do not send Server Name Indication in the client hello. This may result in failed connection.
forceAlpn
: "TRANSPORT_PREFERENCE_TAKE_PRIORITY" | "NO_ALPN" | "UTLS_PRESET"
Controls data source for Application-Layer Protocol Negotiation (ALPN) extension. You can use this setting to make connect resemble the imitated program better. In correct setting will result in connection failure. (v5.3.0+)
TRANSPORT_PREFERENCE_TAKE_PRIORITY
: Default value. If user have set an ALPN at TLS setting, use that. Otherwise the default from transport will be used.NO_ALPN
: Do not send ALPN TLS extension.UTLS_PRESET
: Use value from uTLS template.