Sharing a Trojan-go with updated uTLS fingerprints


Authors: Anonymous

中文版: 分享一个采用uTLS指纹的Trojan-go客户端

We upgraded trojan-go client’s TLS fingerprint to some of the most popular ones. We hope such change will mitigate the large-scale blocking of TLS-based censorship circumvention protocols since October 3, 2022.

Updated versions

v0.10.10:

  • In this release, we upgrade trojan-go client’s uTLS library from v1.1.5 to v1.2.0.

v0.10.9:

  • In this release, we upgrade trojan-go client’s uTLS library from v1.1.3 to v1.1.5.

v0.10.8:

  • We upgrade trojan-go client’s uTLS library from v1.1.2 to v1.1.3.
  • The new version 1) supports more fingerprint options: Edge, Safari, 360Browser, and QQBrowser; and 2) updates the TLS fingerprint of existing fingerprint options: Chome, Firefox, and iOS.

v0.10.7:

  • Replace Go’s standard cryto/tls with uTLS in trojan-go client.
  • Upagrade uTLS to the latest version v1.1.2.

TLS ClientHello fingerprints

Depending on one’s configuration, the Clienthello sent by trojan-go client v0.10.7 will now look like one of the following popular fingerprints (rather than the Go’s TLS fingerprint in previous versions):

fingerprint sni value specified? TLS Fingerprint ID
Chrome (default) Yes e47eae8f8c4887b6
Chrome (default) No 90ac8a1dfa3b207c
iOS Yes 133e933dd1dfea90
iOS No cff7f10f631feddd
Firefox Yes 7161e10829541aab
Firefox No 56fa08d84940a06b

What do I need to do as a user?

  • You need to update your client by downloading the corresponding binaries below.
  • You may want to set the sni value to your domain name in configuration file, because, as summarized in the table above, your TLS Clienthello can still look very unique without the SNI extension.
  • You don’t need to update your server because all changes are made from the client side.
  • You don’t have to specify the fingerprint value, because the default fingerprint (Chrome) is already the most popular one.

Why my server still got blocked when I used the latest trojan-go client?

Did you use any other trojan clients (eg. on your phone) to connect to the same server? If so, it cannot be determine whether the blocking is caused by this trojan-go client or other client’s fingerprint and behaviors anymore.

We really want more users to report the status of their servers. If you are sure that you have been exclusively using the trojan-go clients we provided, please consider to report the status of your server (reporting not being blocked is as important as reporting blocking).

Example configuration file

{
    "run_type": "client",
    "local_addr": "127.0.0.1",
    "local_port": 1080,
    "remote_addr": "your-domain-name.com",
    "remote_port": 443,
    "password": [
        "your_awesome_password"
    ],
    "ssl": {
        "sni": "your-domain-name.com",
	      "fingerprint": "Chrome"
    }
}

To trojan-go developers

We do not intend to maintain a fork of trojan-go as a separate project. We made this release so that users can have compiled binaries to use immediately. We will archive our repo as soon as our pull request is merged to upstream.

Credits

We thanks uTLS developers, because without their continuous efforts, we wouldn’t be able to upgrade trojan-go to the most popular TLS fingerprints effortlessly. We thank Eric Wustrow for helping us understand uTLS library.

Comments