2.9 KiB
Shadowsocks
The Shadowsocks protocol is compatible with most other implementations of Shadowsocks.
The current compatibility is as follows:
- Supports TCP and UDP packet forwarding, with the option to selectively disable UDP.
- Recommended encryption methods:
- 2022-blake3-aes-128-gcm
- 2022-blake3-aes-256-gcm
- 2022-blake3-chacha20-poly1305
- Other encryption methods:
- aes-256-gcm
- aes-128-gcm
- chacha20-poly1305 or chacha20-ietf-poly1305
- xchacha20-poly1305 or xchacha20-ietf-poly1305
- none or plain
The Shadowsocks 2022 new protocol format improves performance and includes complete replay protection, addressing the following security issues in the old protocol:
- Serious vulnerabilities in Shadowsocks AEAD encryption, which cannot guarantee the integrity of the communication content
- Increasing false positive rate of the original TCP replay filter over time
- Lack of UDP replay protection
- TCP behaviors that can be used for active probing
::: danger Traffic transmitted without encryption using the "none" method will be in plain text. Do not use it on public networks for security reasons. :::
InboundConfigurationObject
{
"settings": {
"password": "password",
"method": "aes-256-gcm",
"level": 0,
"email": "love@xray.com",
"network": "tcp,udp"
}
}
network: "tcp" | "udp" | "tcp,udp"
The supported network protocol type. For example, when specified as "tcp", it will only handle TCP traffic. The default value is "tcp".
ClientObject
{
"password": "密码",
"method": "aes-256-gcm",
"level": 0,
"email": "love@xray.com"
}
method: string
Required.
password: string
Required.
- Shadowsocks 2022
Use a pre-shared key similar to WireGuard as the password.
Use openssl rand -base64 <length> to generate a compatible key with shadowsocks-rust, where the length depends on the encryption method used.
| Encryption Method | Key Length |
|---|---|
| 2022-blake3-aes-128-gcm | 16 |
| 2022-blake3-aes-256-gcm | 32 |
| 2022-blake3-chacha20-poly1305 | 32 |
In the Go implementation, a 32-byte key always works.
- Other encryption methods
Any string. There is no limitation on the password length, but shorter passwords are more susceptible to cracking. It is recommended to use a password of 16 characters or longer.
level: number
The user level that the connection will use to determine the corresponding Local Policy.
The value of level corresponds to the value of level in the policy. If not specified, the default value is 0.
The user's email, used to differentiate traffic from different users (logs, statistics).