Skip to content

v0.2.2

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 04 Dec 04:41
· 1 commit to master since this release
v0.2.2
6e6f12a

New Features

Client Chaining (client_chains)

Multi-hop proxy chains with load balancing support. Traffic can now be routed through multiple proxies in sequence.

  • Multi-hop chains: Route traffic through multiple proxies sequentially (e.g., proxy1 -> proxy2 -> target)
  • Round-robin chains: Specify multiple chains and rotate between them for load distribution
  • Pool-based load balancing: At each hop, use a pool of proxies for load balancing
  • New config fields: client_chain (singular) and client_chains (multiple)
  • See examples/multi_hop_chain.yaml for usage examples

TUIC v5 Zero-RTT Handshake

New zero_rtt_handshake option for TUIC v5 servers enables 0-RTT (0.5-RTT for server) handshakes for faster connection establishment.

protocol:
  type: tuic
  uuid: "..."
  password: "..."
  zero_rtt_handshake: true  # Default: false

Note: 0-RTT is vulnerable to replay attacks. Only enable if the latency benefit outweighs security concerns.

Reality Cipher Suites

Both Reality server and client now support specifying TLS 1.3 cipher suites.

# Server
reality_targets:
  "example.com":
    cipher_suites: ["TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"]
    ...

# Client
protocol:
  type: reality
  cipher_suites: ["TLS_AES_256_GCM_SHA384"]
  ...

Valid values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256

Reality Client Version Control

Server-side Reality configuration can now restrict client versions:

reality_targets:
  "example.com":
    min_client_version: [1, 8, 0]  # [major, minor, patch]
    max_client_version: [2, 0, 0]
    ...

Deprecations

client_proxy / client_proxies in Rules

The client_proxy and client_proxies fields in rule configurations are deprecated in favor of client_chain and client_chains.

Migration: Replace client_proxy: with client_chain: in your configuration files. The old fields still work but will emit a warning and may be removed in a future version.

Before:

rules:
  - masks: "0.0.0.0/0"
    action: allow
    client_proxy: my-proxy-group

After:

rules:
  - masks: "0.0.0.0/0"
    action: allow
    client_chain: my-proxy-group

VMess force_aead / aead Fields

The force_aead and aead fields in VMess configuration are deprecated. AEAD mode is now always enabled, and non-AEAD (legacy) mode is no longer supported.

Migration: Remove force_aead and aead fields from your VMess configurations. They have no effect and will be ignored.

Removed / Breaking Changes

VMess Non-AEAD Mode Removed

VMess non-AEAD (legacy) mode is no longer supported. All VMess connections now use AEAD encryption exclusively. This improves security but breaks compatibility with very old VMess clients that don't support AEAD.

Other Changes

  • Hysteria2 and TUIC servers now have authentication timeouts (3 seconds by default) to prevent connection hogging
  • Improved fragment packet handling with LRU cache eviction
  • TUIC server now sends heartbeat packets to maintain connection liveness
Assets 8
Loading