
ShadowTLS

Changes in sing-box 1.12.0

wildcard_sni

Structure

{
  "type": "shadowtls",
  "tag": "st-in",

  ... // Listen Fields

  "version": 3,
  "password": "fuck me till the daylight",
  "users": [
    {
      "name": "sekai",
      "password": "8JCsPssfgS8tiRwiMlhARg=="
    }
  ],
  "handshake": {
    "server": "google.com",
    "server_port": 443,

    ... // Dial Fields
  },
  "handshake_for_server_name": {
    "example.com": {
      "server": "example.com",
      "server_port": 443,

      ... // Dial Fields
    }
  },
  "strict_mode": false,
  "wildcard_sni": ""
}

Listen Fields

See Listen Fields for details.

Fields

version

ShadowTLS protocol version.

Value        Protocol Version
1 (default)  ShadowTLS v1
2            ShadowTLS v2
3            ShadowTLS v3

password

ShadowTLS password.

Only available in ShadowTLS protocol version 2.

users

ShadowTLS users.

Only available in ShadowTLS protocol version 3.

handshake

Required

When wildcard_sni is set to all, the server address is optional.

Handshake server address and Dial Fields.

handshake_for_server_name

Handshake server address and Dial Fields for a specific server name.

Only available in ShadowTLS protocol versions 2 and 3.

strict_mode

ShadowTLS strict mode.

Only available in ShadowTLS protocol version 3.

wildcard_sni

Since sing-box 1.12.0

ShadowTLS wildcard SNI mode.

Available values are:

  • off: (default) Disabled.
  • authed: Authenticated connections will have their destination overwritten to (servername):443.
  • all: All connections will have their destination overwritten to (servername):443.

Additionally, connections matching handshake_for_server_name are not affected.

Only available in ShadowTLS protocol version 3.
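
The version rules above can be checked before a configuration is deployed. The following is an added example, not part of sing-box or its documentation: lint_shadowtls, its messages and the sample inbound are hypothetical, and it treats absent, empty and false values (and wildcard_sni off) as not set.

```python
import json

# Availability rules as stated on this page: field -> protocol versions.
FIELD_VERSIONS = {
    "password": {2},
    "users": {3},
    "handshake_for_server_name": {2, 3},
    "strict_mode": {3},
    "wildcard_sni": {3},
}
WILDCARD_VALUES = {"off", "authed", "all"}

def lint_shadowtls(inbound):
    """Return findings for one ShadowTLS inbound dict (empty list = clean)."""
    version = inbound.get("version", 1)  # 1 is the documented default
    if version not in (1, 2, 3):
        return [f"version {version!r} is not 1, 2 or 3"]
    findings = []
    mode = inbound.get("wildcard_sni") or "off"  # "" or absent means off
    if mode not in WILDCARD_VALUES:
        findings.append(f"wildcard_sni {mode!r} is not off, authed or all")
    for field, allowed in FIELD_VERSIONS.items():
        # Absent, "", false, [] and {} count as not set; so does wildcard_sni=off.
        is_set = mode != "off" if field == "wildcard_sni" else bool(inbound.get(field))
        if is_set and version not in allowed:
            versions = "/".join(str(v) for v in sorted(allowed))
            findings.append(f"{field} is set but only available in protocol {versions}")
    # The handshake server address is optional only when wildcard_sni is all.
    if not (inbound.get("handshake") or {}).get("server") and mode != "all":
        findings.append("handshake.server is missing and wildcard_sni is not all")
    if mode == "all":
        findings.append("review: wildcard_sni=all also overwrites the destination "
                        "of connections that are not authenticated")
    return findings

# Constructed sample: a version 2 inbound carrying version 3 settings.
SAMPLE = json.loads("""
{
  "type": "shadowtls", "tag": "st-in", "version": 2,
  "password": "constructed-sample-password",
  "users": [{"name": "sekai", "password": "constructed-sample-key"}],
  "handshake": {"server": "example.com", "server_port": 443},
  "strict_mode": true, "wildcard_sni": "authed"
}
""")

if __name__ == "__main__":
    for finding in lint_shadowtls(SAMPLE):
        print(finding)
```

The findings reflect only what this page states about field availability; they do not predict whether sing-box rejects or ignores a given combination.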