Xray-docs-next/docs/en/config/outbounds/shadowsocks.md

3.2 KiB

Shadowsocks

Shadowsocks protocol is compatible with most other implementations.

Here are the features and compatibility of Shadowsocks:

  • It supports TCP and UDP packet forwarding, with the option to disable UDP.
  • Recommended encryption methods:
    • 2022-blake3-aes-128-gcm
    • 2022-blake3-aes-256-gcm
    • 2022-blake3-chacha20-poly1305
  • Other encryption methods:
    • aes-256-gcm
    • aes-128-gcm
    • chacha20-poly1305 (also known as chacha20-ietf-poly1305)
    • none or plain

The new protocol format of Shadowsocks 2022 improves performance and includes full replay protection, addressing security issues present in the old protocol:

::: danger Using the "none" encryption method will transmit traffic in plaintext. It is not recommended to use "none" encryption on public networks to ensure security. :::

OutboundConfigurationObject

{
  "servers": [
    {
      "email": "love@xray.com",
      "address": "127.0.0.1",
      "port": 1234,
      "method": "encryption method",
      "password": "password",
      "uot": true,
      "level": 0
    }
  ]
}

servers: [ServerObject]

An array representing a group of Shadowsocks server settings, where each item is a ServerObject.

ServerObject

{
  "email": "love@xray.com",
  "address": "127.0.0.1",
  "port": 1234,
  "method": "encryption method",
  "password": "password",
  "uot": true,
  "level": 0
}

email: string

Email address (optional) used to identify the user.

address: address

The address of the Shadowsocks server, supporting IPv4, IPv6, and domain names. Required.

port: number

The port of the Shadowsocks server. Required.

method: string

Encryption method. Required.

password: string

Password. Required.

uot: bool

When enabled, UDP over TCP (UOT) will be used.

  • Shadowsocks 2022

Use a pre-shared key (PSK) similar to WireGuard as the password.

To generate a compatible key with shadowsocks-rust, use openssl rand -base64 <length>, where the length depends on the encryption method used.

Encryption Method Key Length
2022-blake3-aes-128-gcm 16
2022-blake3-aes-256-gcm 32
2022-blake3-chacha20-poly1305 32

In the Go implementation, a 32-byte key always works.

  • Other encryption methods

Any string can be used as a password. There is no limit on the password length, but shorter passwords are more susceptible to cracking. It is recommended to use a password of 16 characters or longer.

level: number

User level. Connections will use the corresponding local policy associated with this user level.

The level value corresponds to the level value in the policy. If not specified, the default value is 0.