SIP002 URI Scheme

SIP002 purposed a new URI scheme, following RFC3986:

SS-URI = "ss://" userinfo "@" hostname ":" port [ "/" ] [ "?" plugin ] [ "#" tag ]
userinfo = websafe-base64-encode-utf8(method  ":" password)

The last / should be appended if plugin is present, but is optional if only tag is present. Example: ss:[email protected]:8888/?plugin=url-encoded-plugin-argument-value&unsupported-arguments=should-be-ignored#Dummy+profile+name. This kind of URIs can be parsed by standard libraries provided by most languages.

For plugin argument, we use the similar format as TOR_PT_SERVER_TRANSPORT_OPTIONS, which have the format like simple-obfs;obfs=http; where colons, semicolons, equal signs and backslashes MUST be escaped with a backslash.


  • ss:[email protected]:8888#Example1
  • ss:[email protected]:8888/?plugin=obfs-local%3Bobfs%3Dhttp#Example2


Q1: Why parse user info to Base64URL?

A1: To safely encode all the characters in the key string. Note that we never try to "encrypt" your key in the URI.

Q2: Why not parse host name and port number into Base64URL?

A2: As mentioned above, we never try to "encrypt" anything in the URI. Additional parsing of host name and port number is not necessary.

Q3: Why not every client supports SIP002 URI scheme?

A3: Currently, SIP002 is still an optional feature unless the client supports SIP003 plugin.