You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+11Lines changed: 11 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -395,6 +395,17 @@ Supported proxy schemes are:
395
395
*`h2c` - HTTP/2 proxy over plaintext connection with the CONNECT method support. Examples: `h2c://example.org:8080`.
396
396
*`fetchrandom` - request server to send random data in the first request via every new HTTP/2 connection. Useful to trick TLS-in-TLS detection. Value format: length as a number or range `x-y`. Example: `fetchrandom=100000-500000`.
397
397
*`socks5`, `socks5h` - SOCKS5 proxy with hostname resolving via remote proxy. Example: `socks5://127.0.0.1:9050`.
398
+
*`socks5s`, `socks5hs` - SOCKS5 proxy over TLS with hostname resolving via remote proxy. Example: `socks5s://example.com:10443`. This method also supports additional parameters passed in query string:
399
+
*`cafile` - file with CA certificates in PEM format used to verify TLS peer.
400
+
*`sni` - override value of ServerName Indication extension.
401
+
*`peername` - expect specified name in peer certificate. Empty string relaxes any name constraints.
402
+
*`cert` - file with user certificate for mutual TLS authentication. Should be used in conjunction with `key`.
403
+
*`key` - file with private key matching user certificate specified with `cert` option.
404
+
*`ciphers` - colon-separated list of enabled TLS ciphersuites.
405
+
*`curves` - colon-separated list of enabled TLS key exchange curves.
406
+
*`min-tls-version` - minimum TLS version.
407
+
*`max-tls-version` - maximum TLS version.
408
+
*`utls-fp` - TLS fingerprint parroting with uTLS library. See the [list](https://pkg.go.dev/github.com/refraction-networking/utls#pkg-variables) of allowed client IDs. Example: `utls-fp=HelloChrome_Auto`.
398
409
*`set-src-hints` - not an actual proxy, but a signal to use different source IP address hints for this connection. It's useful to route traffic across multiple network interfaces, including VPN connections. URL has to have one query parameter `hints` with a comma-separated list of IP addresses. See `-ip-hints` command line option for more details. Example: `set-src-hints://?hints=10.2.0.2`
399
410
*`cached` - pseudo-dialer which caches construction of another dialer specified by URL passed in `url` parameter of query string. Useful for dialers which are constructed dynamically from JS router script and which load certificate files. Example: `cache://?url=https%3A%2F%2Fexample.org%3Fcert%3Dcert.pem%26key%3Dkey.pem&ttl=5m`. Query string parameters are:
400
411
*`url` - actual proxy URL. Note that just like any query string parameter this one has to be URL-encoded to be passed as query string value.
0 commit comments