Skip to content
On this page

SIP002 URI scheme

SIP002 purposed a new URI scheme, following RFC3986:

SS-URI = "ss://" userinfo "@" hostname ":" port [ "/" ] [ "?" plugin ] [ "#" tag ]
userinfo = websafe-base64-encode-utf8(method  ":" password)
           method ":" password

Note that encoding userinfo with Base64URL is recommended but optional for Stream and AEAD (SIP004). But for AEAD-2022 (SIP022), userinfo MUST NOT be encoded with Base64URL. When userinfo is not encoded, method and password MUST be percent encoded.

The last / should be appended if plugin is present, but is optional if only tag is present. Example: ss://[email protected]:8888/?plugin=url-encoded-plugin-argument-value&unsupported-arguments=should-be-ignored#Dummy+profile+name. This kind of URIs can be parsed by standard libraries provided by most languages.

For plugin argument, we use the similar format as TOR_PT_SERVER_TRANSPORT_OPTIONS, which have the format like simple-obfs;obfs=http; where colons, semicolons, equal signs and backslashes MUST be escaped with a backslash.


With user info encoded with Base64URL:

Plain user info:

  • ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%[email protected]:8888#Example3
  • ss://2022-blake3-aes-256-gcm:YctPZ6U7xPPcU%2Bgp3u%2B0tx%2FtRizJN9K8y%2BuKlW2qjlI%[email protected]:8888/?plugin=v2ray-plugin%3Bserver#Example3


Q1: Why parse user info to Base64URL?

A1: To safely encode all the characters in the key string. Note that we never try to "encrypt" your key in the URI.

Q2: Why not parse host name and port number into Base64URL?

A2: As mentioned above, we never try to "encrypt" anything in the URI. Additional parsing of host name and port number is not necessary.

Q3: Why not every client supports SIP002 URI scheme?

A3: Currently, SIP002 is still an optional feature unless the client supports SIP003 plugin.

Q4: Why the tags with space is truncated?

A4: White space is not legal in URI. It should be escaped. For example, ss://...#shadowsocks server 1 (illegal URI) should be escaped into ss://...#shadowsocks%20server%201 (legal URI).

This website is released under the MIT License.