SIP002 URI scheme
SIP002 purposed a new URI scheme, following RFC3986:
SS-URI = "ss://" userinfo "@" hostname ":" port [ "/" ] [ "?" plugin ] [ "#" tag ]
userinfo = websafe-base64-encode-utf8(method ":" password)
method ":" password
Note that encoding userinfo
with Base64URL is recommended but optional for Stream and AEAD (SIP004). But for AEAD-2022 (SIP022), userinfo
MUST NOT be encoded with Base64URL. When userinfo
is not encoded, method
and password
MUST be percent encoded.
The last /
should be appended if plugin is present, but is optional if only tag is present. Example: ss://[email protected]:8888/?plugin=url-encoded-plugin-argument-value&unsupported-arguments=should-be-ignored#Dummy+profile+name
. This kind of URIs can be parsed by standard libraries provided by most languages.
For plugin argument, we use the similar format as TOR_PT_SERVER_TRANSPORT_OPTIONS
, which have the format like simple-obfs;obfs=http;obfs-host=example.com
where colons, semicolons, equal signs and backslashes MUST be escaped with a backslash.
Examples:
With user info encoded with Base64URL:
ss://[email protected]:8888#Example1
ss://[email protected]:8888/?plugin=obfs-local%3Bobfs%3Dhttp#Example2
Plain user info:
ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%[email protected]:8888#Example3
ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%[email protected]:8888/?plugin=v2ray-plugin%3Bserver#Example3
FAQ:
Q1: Why parse user info to Base64URL?
A1: To safely encode all the characters in the key string. Note that we never try to "encrypt" your key in the URI.
Q2: Why not parse host name and port number into Base64URL?
A2: As mentioned above, we never try to "encrypt" anything in the URI. Additional parsing of host name and port number is not necessary.
Q3: Why not every client supports SIP002 URI scheme?
A3: Currently, SIP002 is still an optional feature unless the client supports SIP003 plugin.
Q4: Why the tags with space is truncated?
A4: White space is not legal in URI. It should be escaped. For example, ss://...#shadowsocks server 1
(illegal URI) should be escaped into ss://...#shadowsocks%20server%201
(legal URI).