Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2427
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
  Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
  * Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
  1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
  2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
  3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
  4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
  5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
  * Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
  * For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
  * For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2429
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
  Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
  * Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
  1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
  2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
  3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
  4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
  5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
  * Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
  * For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
  * For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2431
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
  Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
  * Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
  1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
  2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
  3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
  4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
  5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
  * Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
  * For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
  * For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2432
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
  Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
  * Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
  1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
  2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
  3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
  4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
  5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
  * Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
  * For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
  * For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2911) is ready to test on iOS.
What to Test:
- Fixed crashes
- Adjusted some QUIC flow-control parameters to optimize TUIC/Vector bandwidth performance under certain network conditions
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2433
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
  Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
  * Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
  1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
  2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
  3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
  4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
  5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
  * Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
  * For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
  * For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2914) is ready to test on iOS.
What to Test:
- To prevent UDP NAT timeouts from interfering with QUIC sessions, the session idle timeout has been extended to 180s
- Crash fixes
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2434
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
  Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
  * Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
  1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
  2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
  3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
  4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
  5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
  * Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
  * For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
  * For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
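The first-packet classification described in items 1 and 2 of the changelog above, as an added Python illustration (not Surge's code): it decides between the HTTP engine, TLS with SNI extraction, and raw TCP fallback. All function names are hypothetical, the sample ClientHello is constructed, and a `None` first packet stands for the 300 ms wait expiring.

```python
import re
import struct
from typing import Optional, Tuple

SNIFFED_PORTS = (80, 443)  # per the changelog, only these ports are sniffed
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(rb"\r\nHost:[ \t]*([^\r\n]+)", re.IGNORECASE)


def is_client_hello(data: bytes) -> bool:
    """TLS record type 0x16 (handshake), major version 3, handshake type 1."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01


def extract_sni(data: bytes) -> Optional[str]:
    """Return the server_name from a ClientHello, or None if absent or truncated."""
    if not is_client_hello(data):
        return None
    try:
        rec_len = struct.unpack("!H", data[3:5])[0]
        body = data[5:5 + rec_len]
        hs_len = int.from_bytes(body[1:4], "big")
        hello = body[4:4 + hs_len]
        pos = 2 + 32                                   # client_version + random
        pos += 1 + hello[pos]                          # session_id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + hello[pos]                          # compression_methods
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_total, len(hello))
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            if ext_type == 0:                          # server_name extension
                ext = hello[pos:pos + ext_len]
                # list length (2), name_type (1, 0 = host_name), name length (2)
                if len(ext) < 5 or ext[2] != 0:
                    return None
                name_len = struct.unpack("!H", ext[3:5])[0]
                name = ext[5:5 + name_len]
                if len(name) != name_len:
                    return None                        # name cut off mid-packet
                return name.decode("ascii")
            pos += ext_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                    # malformed or truncated hello


def classify_first_packet(port: int, first_packet: Optional[bytes]) -> Tuple[str, Optional[str]]:
    """Return (mode, hostname). first_packet is None when the wait timed out."""
    if port not in SNIFFED_PORTS or not first_packet:
        return ("raw-tcp", None)
    if HTTP_REQUEST_LINE.match(first_packet):
        m = HOST_HEADER.search(first_packet)
        host = m.group(1).strip().decode("ascii", "replace") if m else None
        return ("http", host)
    if is_client_hello(first_packet):
        return ("https", extract_sni(first_packet))
    return ("raw-tcp", None)


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal ClientHello carrying only an SNI extension (sample input)."""
    name = hostname.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    hello = (b"\x03\x03" + bytes(32) + b"\x00"         # version, random, empty session_id
             + b"\x00\x02\x13\x01" + b"\x01\x00"       # one cipher suite, null compression
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    samples = [
        (443, build_client_hello("example.com")),
        (80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
        (443, b"SSH-2.0-OpenSSH_9.6\r\n"),             # not HTTP or TLS
        (443, None),                                   # nothing within 300 ms
    ]
    for port, pkt in samples:
        print(port, classify_first_packet(port, pkt))
```

The SNI and Host values are supplied by the client and are not authenticated, so a rule keyed on them matches what the client claims rather than where the connection actually terminates.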
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2916) is ready to test on iOS.
What to Test:
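- The auto behavior of the block-quic parameter for WireGuard now reads the MTU parameter automatically and blocks QUIC when the MTU is less than 1280
- UDP NAT supports closing UDP sessions early based on ICMP messages
- Crash fixes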
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2435
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2436
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2918) is ready to test on iOS.
What to Test:
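- Crash fixes
- QUIC requests support SNI decryption and extraction, which can be used for rule matching
- When the requested hostname differs from the SNI, the SNI is additionally shown in the request list
- The PROTOCOL rule has a new optional value QUIC, used to match QUIC connections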
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2437
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge TestFlight's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2920) is ready to test on iOS.
What to Test:
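- To preserve rule compatibility, the PROTOCOL,UDP rule can continue to match QUIC sessions
- Expanded the set of QUIC versions supported by the QUIC SNI extraction feature
- If extraction fails because of a version issue, this is noted in the request log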
Forwarded from Surge Mac's Changelog
#Mac #Beta
Version 5.4.0-2438
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2439
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2921) is ready to test on iOS.
What to Test:
- Rolled back the version of a dependency library to resolve some crashes in recent versions
- Improved error handling for QUIC-based protocols
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2440
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example: Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100.
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2441
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example: Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100.
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2922) is ready to test on iOS.
What to Test:
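- MITM adds a new parameter, auto-quic-block, to control the newly added automatic QUIC blocking behavior; it is enabled by default
- Because some of the code for the early QUIC SNI feature had unintended effects on global TLS sessions, causing related features to malfunction in recent versions, the feature has been temporarily removed
- Other bug fixes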