Update utls to v1.6.7

common/tls/utls_client.go

@@ -217,18 +217,10 @@ func init() {
 
 func uTLSClientHelloID(name string) (utls.ClientHelloID, error) {
 	switch name {
+	case "chrome_psk", "chrome_psk_shuffle", "chrome_padding_psk_shuffle", "chrome_pq":
+		fallthrough
 	case "chrome", "":
 		return utls.HelloChrome_Auto, nil
-	case "chrome_psk":
-		return utls.HelloChrome_100_PSK, nil
-	case "chrome_psk_shuffle":
-		return utls.HelloChrome_112_PSK_Shuf, nil
-	case "chrome_padding_psk_shuffle":
-		return utls.HelloChrome_114_Padding_PSK_Shuf, nil
-	case "chrome_pq":
-		return utls.HelloChrome_115_PQ, nil
-	case "chrome_pq_psk":
-		return utls.HelloChrome_115_PQ_PSK, nil
 	case "firefox":
 		return utls.HelloFirefox_Auto, nil
 	case "edge":

docs/configuration/inbound/trojan.md

@@ -47,7 +47,7 @@ TLS configuration, see [TLS](/configuration/shared/tls/#inbound).
 
 #### fallback
 
-!!! quote ""
+!!! failure ""
 
     There is no evidence that GFW detects and blocks Trojan servers based on HTTP responses, and opening the standard http/s port on the server is a much bigger signature.
 

docs/configuration/route/rule.md

@@ -4,7 +4,7 @@ icon: material/alert-decagram
 
 !!! quote "Changes in sing-box 1.10.0"
 
-    :material-plus: [client](#client)
+    :material-plus: [client](#client)  
     :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)  
     :material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source)  
     :material-plus: [process_path_regex](#process_path_regex)

docs/configuration/shared/tls.md

@@ -1,4 +1,8 @@
-!!! quote "Changes in sing-box 1.8.0"
+---
+icon: material/alert-decagram
+---
+
+!!! quote "Changes in sing-box 1.10.0"
 
     :material-alert-decagram: [utls](#utls)  
 
@@ -210,28 +214,25 @@ The path to the server private key, in PEM format.
 
 ==Client only==
 
-!!! note ""
-
-    uTLS is poorly maintained and the effect may be unproven, use at your own risk.
+!!! failure ""
+    
+    There is no evidence that GFW detects and blocks servers based on TLS client fingerprinting, and using an imperfect emulation that has not been security reviewed could pose security risks.
 
 uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance.
 
 Available fingerprint values:
 
-!!! question "Since sing-box 1.8.0"
+!!! warning "Removed since sing-box 1.10.0"
+
+    Some legacy chrome fingerprints have been removed and will fallback to chrome:
 
-    :material-plus: chrome_psk  
-    :material-plus: chrome_psk_shuffle  
-    :material-plus: chrome_padding_psk_shuffle  
-    :material-plus: chrome_pq  
-    :material-plus: chrome_pq_psk
+    :material-close: chrome_psk  
+    :material-close: chrome_psk_shuffle  
+    :material-close: chrome_padding_psk_shuffle  
+    :material-close: chrome_pq  
+    :material-close: chrome_pq_psk
 
 * chrome
-* chrome_psk
-* chrome_psk_shuffle
-* chrome_padding_psk_shuffle
-* chrome_pq
-* chrome_pq_psk
 * firefox
 * edge
 * safari

docs/configuration/shared/tls.zh.md

@@ -1,4 +1,8 @@
-!!! quote "sing-box 1.8.0 中的更改"
+---
+icon: material/alert-decagram
+---
+
+!!! quote "sing-box 1.10.0 中的更改"
 
     :material-alert-decagram: [utls](#utls)  
 
@@ -44,8 +48,8 @@
     "handshake": {
       "server": "google.com",
       "server_port": 443,
-
-      ... // 拨号字段
+      ...
+      // 拨号字段
     },
     "private_key": "UuMBgl7MXTPx9inmQp2UC7Jcnwc6XYbwDNebonM-FCc",
     "short_id": [
@@ -202,28 +206,25 @@ TLS 版本值：
 
 ==仅客户端==
 
-!!! note ""
+!!! failure ""
 
-    uTLS 维护不善且其效果可能未经证实，使用风险自负。
+    没有证据表明 GFW 根据 TLS 客户端指纹检测并阻止服务器，并且，使用一个未经安全审查的不完美模拟可能带来安全隐患。
 
 uTLS 是 "crypto/tls" 的一个分支，它提供了 ClientHello 指纹识别阻力。
 
 可用的指纹值：
 
-!!! question "自 sing-box 1.8.0 起"
+!!! warning "已在 sing-box 1.10.0 移除"
+
+    一些旧 chrome 指纹已被删除，并将会退到 chrome：
 
-    :material-plus: chrome_psk  
-    :material-plus: chrome_psk_shuffle  
-    :material-plus: chrome_padding_psk_shuffle  
-    :material-plus: chrome_pq  
-    :material-plus: chrome_pq_psk
+    :material-close: chrome_psk  
+    :material-close: chrome_psk_shuffle  
+    :material-close: chrome_padding_psk_shuffle  
+    :material-close: chrome_pq  
+    :material-close: chrome_pq_psk
 
 * chrome
-* chrome_psk
-* chrome_psk_shuffle
-* chrome_padding_psk_shuffle
-* chrome_pq
-* chrome_pq_psk
 * firefox
 * edge
 * safari

go.mod

@@ -37,7 +37,7 @@ require (
 	github.com/sagernet/sing-tun v0.4.0-beta.16
 	github.com/sagernet/sing-vmess v0.1.12
 	github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7
-	github.com/sagernet/utls v1.5.4
+	github.com/sagernet/utls v1.6.7
 	github.com/sagernet/wireguard-go v0.0.0-20231215174105-89dec3b2f3e8
 	github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854
 	github.com/spf13/cobra v1.8.0
@@ -61,7 +61,6 @@ require (
 	github.com/andybalholm/brotli v1.0.6 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/gaukas/godicttls v0.0.4 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gobwas/httphead v0.1.0 // indirect

go.sum

@@ -17,8 +17,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/gaukas/godicttls v0.0.4 h1:NlRaXb3J6hAnTmWdsEKb9bcSBD6BvcIjdGdeb0zfXbk=
-github.com/gaukas/godicttls v0.0.4/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI=
 github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s=
 github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
 github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
@@ -137,8 +135,8 @@ github.com/sagernet/sing-vmess v0.1.12 h1:2gFD8JJb+eTFMoa8FIVMnknEi+vCSfaiTXTfEY
 github.com/sagernet/sing-vmess v0.1.12/go.mod h1:luTSsfyBGAc9VhtCqwjR+dt1QgqBhuYBCONB/POhF8I=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7/go.mod h1:FP9X2xjT/Az1EsG/orYYoC+5MojWnuI7hrffz8fGwwo=
-github.com/sagernet/utls v1.5.4 h1:KmsEGbB2dKUtCNC+44NwAdNAqnqQ6GA4pTO0Yik56co=
-github.com/sagernet/utls v1.5.4/go.mod h1:CTGxPWExIloRipK3XFpYv0OVyhO8kk3XCGW/ieyTh1s=
+github.com/sagernet/utls v1.6.7 h1:Ep3+aJ8FUGGta+II2IEVNUc3EDhaRCZINWkj/LloIA8=
+github.com/sagernet/utls v1.6.7/go.mod h1:Uua1TKO/FFuAhLr9rkaVnnrTmmiItzDjv1BUb2+ERwM=
 github.com/sagernet/wireguard-go v0.0.0-20231215174105-89dec3b2f3e8 h1:R0OMYAScomNAVpTfbHFpxqJpvwuhxSRi+g6z7gZhABs=
 github.com/sagernet/wireguard-go v0.0.0-20231215174105-89dec3b2f3e8/go.mod h1:K4J7/npM+VAMUeUmTa2JaA02JmyheP0GpRBOUvn3ecc=
 github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc=