SagerNet/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-04-02 19:37:37 +03:00
Code Issues Projects Releases Packages Wiki Activity
sing-box/docs/configuration/inbound/shadowtls.md

2.4 KiB
Raw Blame History

icon
material/new-box

!!! quote "Changes in sing-box 1.12.0"

:material-plus: [wildcard_sni](#wildcard_sni)

Structure

{
  "type": "shadowtls",
  "tag": "st-in",

  ... // Listen Fields

  "version": 3,
  "password": "fuck me till the daylight",
  "users": [
    {
      "name": "sekai",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
  ],
  "handshake": {
    "server": "google.com",
    "server_port": 443,
    
    ... // Dial Fields
  },
  "handshake_for_server_name": {
    "example.com": {
      "server": "example.com",
      "server_port": 443,

      ... // Dial Fields
    }
  },
  "strict_mode": false,
  "wildcard_sni": ""
}

Listen Fields

See Listen Fields for details.

Fields

version

ShadowTLS protocol version.

Value Protocol Version
1 (default) ShadowTLS v1
2 ShadowTLS v2
3 ShadowTLS v3

password

ShadowTLS password.

Only available in the ShadowTLS protocol 2.

users

ShadowTLS users.

Only available in the ShadowTLS protocol 3.

handshake

==Required==

When wildcard_sni is configured to all, the server address is optional.

Handshake server address and Dial Fields.

handshake_for_server_name

Handshake server address and Dial Fields for specific server name.

Only available in the ShadowTLS protocol 2/3.

strict_mode

ShadowTLS strict mode.

Only available in the ShadowTLS protocol 3.

wildcard_sni

!!! question "Since sing-box 1.12.0"

ShadowTLS wildcard SNI mode.

Available values are:

  • off: (default) Disabled.
  • authed: Authenticated connections will have their destination overwritten to (servername):443
  • all: All connections will have their destination overwritten to (servername):443

Additionally, connections matching handshake_for_server_name are not affected.

Only available in the ShadowTLS protocol 3.