Trojan
Disguises proxy traffic as standard HTTPS browsing, with TLS built in by design โ one of the more reliable protocols today, with a lower false-positive detection rate.
Example Config
config.yaml YAML
proxies: - name: "trojan" type: trojan server: server port: 443 password: yourpsk udp: true sni: example.com client-fingerprint: random skip-cert-verify: true network: tcp
Field Reference
passwordRequiredThe Trojan server password. Sending it in plaintext is part of the Trojan protocol's design, relying on TLS for protection.
networkOptionalThe transport layer โ supports ws/grpc, defaulting to tcp if not set; see Transport Layer Configuration. Fields like sni belong to the TLS fields.
ss-opts (trojan-go compatibility)
Older versions of trojan-go support layering an extra Shadowsocks AEAD encryption on top of Trojan. If your node uses this combination, you'll need to enable it here as well:
YAML ss-opts
ss-opts: enabled: true method: aes-128-gcm password: "example"
ss-opts.methodOptionalSupports aes-128-gcm/aes-256-gcm/chacha20-ietf-poly1305. Most modern Trojan nodes don't need this layer โ you can skip it entirely.