Resolve conflicts

2026-05-14 00:51:12 +03:00 · 2026-01-18 21:53:22 +03:00
parent f6da8e52b4 b27d707668
commit a2a5f46cb6
36 changed files with 1335 additions and 1080 deletions
--- a/docs/configuration/inbound/shadowsocks.md
+++ b/docs/configuration/inbound/shadowsocks.md
@@ -9,6 +9,7 @@

  "method": "2022-blake3-aes-128-gcm",
  "password": "8JCsPssfgS8tiRwiMlhARg==",
+  "managed": false,
  "multiplex": {}
 }
 ```
@@ -86,6 +87,10 @@ Both if empty.
 | 2022 methods  | `sing-box generate rand --base64 <Key Length>` |
 | other methods | any string                                     |

+#### managed
+
+Defaults to `false`. Enable this when the inbound is managed by the [SSM API](/configuration/service/ssm-api) for dynamic user.
+
 #### multiplex

 See [Multiplex](/configuration/shared/multiplex#inbound) for details.
--- a/docs/configuration/inbound/shadowsocks.zh.md
+++ b/docs/configuration/inbound/shadowsocks.zh.md
@@ -9,6 +9,7 @@

  "method": "2022-blake3-aes-128-gcm",
  "password": "8JCsPssfgS8tiRwiMlhARg==",
+  "managed": false,
  "multiplex": {}
 }
 ```
@@ -86,6 +87,10 @@ See [Listen Fields](/configuration/shared/listen/) for details.
 | 2022 methods  | `sing-box generate rand --base64 <密钥长度>` |
 | other methods | 任意字符串                                    |

+#### managed
+
+默认为 `false`。当该入站需要由 [SSM API](/zh/configuration/service/ssm-api) 管理用户时必须启用此字段。
+
 #### multiplex

 参阅 [多路复用](/zh/configuration/shared/multiplex#inbound)。
--- a/docs/configuration/shared/tls.md
+++ b/docs/configuration/shared/tls.md
@@ -230,9 +230,18 @@ The path to the server private key, in PEM format.

 ==Client only==

-!!! failure ""
-    
-    There is no evidence that GFW detects and blocks servers based on TLS client fingerprinting, and using an imperfect emulation that has not been security reviewed could pose security risks.
+!!! failure "Not Recommended"
+
+    uTLS has had repeated fingerprinting vulnerabilities discovered by researchers.
+
+    uTLS is a Go library that attempts to imitate browser TLS fingerprints by copying
+    ClientHello structure. However, browsers use completely different TLS stacks
+    (Chrome uses BoringSSL, Firefox uses NSS) with distinct implementation behaviors
+    that cannot be replicated by simply copying the handshake format, making detection possible.
+    Additionally, the library lacks active maintenance and has poor code quality,
+    making it unsuitable for censorship circumvention.
+
+    For TLS fingerprint resistance, use [NaiveProxy](/configuration/inbound/naive/) instead.

 uTLS is a fork of "crypto/tls", which provides ClientHello fingerprinting resistance.

--- a/docs/configuration/shared/tls.zh.md
+++ b/docs/configuration/shared/tls.zh.md
@@ -220,9 +220,16 @@ TLS 版本值：

 ==仅客户端==

-!!! failure ""
+!!! failure "不推荐"

-    没有证据表明 GFW 根据 TLS 客户端指纹检测并阻止服务器，并且，使用一个未经安全审查的不完美模拟可能带来安全隐患。
+    uTLS 已被研究人员多次发现其指纹可被识别的漏洞。
+
+    uTLS 是一个试图通过复制 ClientHello 结构来模仿浏览器 TLS 指纹的 Go 库。
+    然而，浏览器使用完全不同的 TLS 实现（Chrome 使用 BoringSSL，Firefox 使用 NSS），
+    其实现行为无法通过简单复制握手格式来复现，其行为细节必然存在差异，使得检测成为可能。
+    此外，此库缺乏积极维护，且代码质量较差，不建议用于反审查场景。
+
+    如需 TLS 指纹抵抗，请改用 [NaiveProxy](/configuration/inbound/naive/)。

 uTLS 是 "crypto/tls" 的一个分支，它提供了 ClientHello 指纹识别阻力。