在这个发布的版本中，我们更新了trojan-go客户端的TLS指纹，使其与一些当下最流行的TLS指纹一致。我们希望这次更新可以缓解2022年10月3日以来的针对基于TLS翻墙软件的大规模封锁。具体来讲：

• 将trojan-go客户端使用的Go标准库cryto/tls完全替换为uTLS。
• 将依赖的uTLS升级到最新版本v1.1.2。

根据配置的不同，这个版本的trojan-go客户端会发送以下一种流行的Clienthello指纹。这些指纹已经不同于之前版本用Go的标准库发送的TLS指纹)：

fingerprint	是否设置了sni？	TLS指纹 ID
Chrome (default)	是	e47eae8f8c4887b6
Chrome (default)	否	90ac8a1dfa3b207c
iOS	是	133e933dd1dfea90
iOS	否	cff7f10f631feddd
Firefox	是	7161e10829541aab
Firefox	否	56fa08d84940a06b

我作为一名用户需要做什么？

• 您需要根据自己的操作系统，选择对应的客户端下载并更新。
• 您应该考虑将配置文件中的sni设置为服务器的域名。因为正如上表总结的，如果不配置SNI，客户端发送的Clienthello的指纹还是很特殊。
• 您不需要更新你的服务器。因为这次更新只对客户端做了改变。
• 您不必在配置文件中特意设置fingerprint。因为默认值(Chrome)已经是最流行的指纹了。

配置文件示例

{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1080,
    "remote_addr": "your-domain-name.com",
    "remote_port": 443,
    "password": [
        "your_awesome_password"
    ],
    "ssl": {
        "sni": "your-domain-name.com",
	"fingerprint": "Chrome"
    }
}

致trojan-go开发者

我们无意另起炉灶维护一个分支版本的trojan-go。我们之所以发布这个release是为了用户能够立即下载使用编译后的客户端。一旦我们的pull request请求被采纳，我们将归档这个仓库。

感谢

我们感谢uTLS的开发者，因为没有他们持续不断的努力，我们不可能轻松地将trojan-go升级到使用最流行的TLS指纹。我们感谢Eric Wustrow帮助我们理解uTLS库。

---

In this release, we upgrade trojan-go client's TLS fingerprint to some of the most popular ones. We hope such change will mitigate the large-scale blocking of TLS-based censorship circumvention protocols since October 3, 2022. In particular,

• Replace Go's standard cryto/tls with uTLS in trojan-go client.
• Upagrade uTLS to the latest version v1.1.2.

Depending on one's configuration, the Clienthello sent by trojan-go client will now look like one of the following popular fingerprints (rather than the Go's TLS fingerprint in previous versions):

fingerprint	sni value specified?	TLS Fingerprint ID
Chrome (default)	Yes	e47eae8f8c4887b6
Chrome (default)	No	90ac8a1dfa3b207c
iOS	Yes	133e933dd1dfea90
iOS	No	cff7f10f631feddd
Firefox	Yes	7161e10829541aab
Firefox	No	56fa08d84940a06b

What do I need to do as a user?

• You need to update your client by downloading the corresponding binaries below.
• You may want to set the sni value to your domain name in configuration file, because, as summarized in the table above, your TLS Clienthello can still look very unique without the SNI extension.
• You don't need to update your server because all changes are made from the client side.
• You don't have to specify the fingerprint value, because the default fingerprint (Chrome) is already the most popular one.

Example configuration file

{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1080,
    "remote_addr": "your-domain-name.com",
    "remote_port": 443,
    "password": [
        "your_awesome_password"
    ],
    "ssl": {
        "sni": "your-domain-name.com",
	"fingerprint": "Chrome"
    }
}

To trojan-go developers

We do not intend to maintain a fork of trojan-go as a separate project. We made this release so that users can have compiled binaries to use immediately. We will archive our repo as soon as our pull request is merged to upstream.

Credits

We thanks uTLS developers, because without their continuous efforts, we wouldn't be able to upgrade trojan-go to the most popular TLS fingerprints effortlessly. We thank Eric Wustrow for helping us understand uTLS library.