diff --git a/backend/util/common/random.go b/backend/util/common/random.go
index b6cea34..5352b78 100644
--- a/backend/util/common/random.go
+++ b/backend/util/common/random.go
@@ -24,3 +24,7 @@ func Random(n int) string {
 }
 return string(runes)
 }
+
+func RandomInt(n int) int {
+ return rnd.Intn(n)
+}
diff --git a/backend/util/genLink.go b/backend/util/genLink.go
index 98b06e4..9c9614d 100644
--- a/backend/util/genLink.go
+++ b/backend/util/genLink.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 "net/url"
 "s-ui/database/model"
+ "s-ui/util/common"
 "strings"
 )
@@ -19,7 +20,7 @@ func LinkGenerator(clientConfig json.RawMessage, i *model.Inbound, hostname stri
 var tls map[string]interface{}
 if i.TlsId > 0 {
- json.Unmarshal(i.Tls.Client, &tls)
+ tls = prepareTls(i.Tls)
 }
 var userConfig map[string]map[string]interface{}
@@ -80,6 +81,28 @@ func LinkGenerator(clientConfig json.RawMessage, i *model.Inbound, hostname stri
 return []string{}
 }
+func prepareTls(t *model.Tls) map[string]interface{} {
+ var iTls, oTls map[string]interface{}
+ json.Unmarshal(t.Client, &oTls)
+ json.Unmarshal(t.Server, &iTls)
+
+ for k, v := range iTls {
+ switch k {
+ case "enabled", "server_name", "alpn":
+ oTls[k] = v
+ case "reality":
+ reality := v.(map[string]interface{})
+ clientReality := oTls["reality"].(map[string]interface{})
+ clientReality["enabled"] = reality["enabled"]
+ if short_ids, hasSIds := reality["short_ids"].([]interface{}); hasSIds && len(short_ids) > 0 {
+ clientReality["short_id"] = short_ids[common.RandomInt(len(short_ids))]
+ }
+ oTls["reality"] = clientReality
+ }
+ }
+ return oTls
+}
+
 func shadowsocksLink(
 userConfig map[string]map[string]interface{},
 inbound map[string]interface{},
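Review bot: `RandomInt` is exported without a doc comment and passes `n` straight to `rnd.Intn`, which panics for `n <= 0` if `rnd` is a `math/rand` generator (its declaration is outside this hunk, so that is an assumption). The one caller in this commit guards with `len(short_ids) > 0`, but the contract should be written down on the function: `// RandomInt returns a non-cryptographic pseudo-random int in [0, n); it panics if n <= 0.` If `rnd` is a shared `*rand.Rand` created with `rand.New`, it is also not safe for concurrent use, and it should not be used to choose anything that has to be unpredictable.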
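Review bot: `prepareTls` can panic on a stored TLS row that does not have the expected shape. Both `json.Unmarshal` results are discarded, so an empty or invalid `t.Client` leaves `oTls` nil and `oTls[k] = v` then writes to a nil map; `v.(map[string]interface{})` and `oTls["reality"].(map[string]interface{})` are single-value assertions that fail when either side has no `reality` object. The same unchecked pattern is in `getTlsParams` (`v.(string)` in the alpn loop) and in the `ech` branch added to `addTls` (`ech["enabled"].(bool)` and `tlsConfig["ech"].(map[string]interface{})`); each should use the comma-ok form. The sketch below keeps the signature of `prepareTls` and falls back to an empty client map.

```go
	var iTls, oTls map[string]interface{}
	// An empty, invalid or literal-null client blob leaves oTls nil; start from an empty map instead.
	if err := json.Unmarshal(t.Client, &oTls); err != nil || oTls == nil {
		oTls = map[string]interface{}{}
	}
	if err := json.Unmarshal(t.Server, &iTls); err != nil {
		return oTls
	}
	// … unchanged: range over iTls, "enabled"/"server_name"/"alpn" case …
		case "reality":
			reality, ok := v.(map[string]interface{})
			if !ok {
				continue
			}
			clientReality, ok := oTls["reality"].(map[string]interface{})
			if !ok {
				clientReality = map[string]interface{}{}
			}
			// … unchanged: copy enabled, pick short_id, write back to oTls["reality"] …
```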
@@ -507,3 +530,23 @@ func getTransportParams(t interface{}) map[string]string {
 }
 return params
 }
+
+func getTlsParams(t interface{}) map[string]string {
+ params := map[string]string{}
+ if tls, hasTls := t.(map[string]interface{}); hasTls {
+ if sni, ok := tls["server_name"].(string); ok {
+ params["sni"] = sni
+ }
+ if alpn, ok := tls["alpn"].([]interface{}); ok {
+ alpnList := make([]string, len(alpn))
+ for i, v := range alpn {
+ alpnList[i] = v.(string)
+ }
+ params["alpn"] = strings.Join(alpnList, ",")
+ }
+ if insecure, ok := tls["insecure"].(bool); ok && insecure {
+ params["insecure"] = "1"
+ }
+ }
+ return params
+}
diff --git a/backend/util/outJson.go b/backend/util/outJson.go
index aaa38ea..cc5b291 100644
--- a/backend/util/outJson.go
+++ b/backend/util/outJson.go
@@ -98,6 +98,13 @@ func addTls(out *map[string]interface{}, tls *model.Tls) {
 }
 tlsConfig["reality"] = realityConfig
 }
+ if ech, ok := tlsServer["ech"].(map[string]interface{}); ok && ech["enabled"].(bool) {
+ echConfig := tlsConfig["ech"].(map[string]interface{})
+ echConfig["enabled"] = true
+ echConfig["pq_signature_schemes_enabled"] = ech["pq_signature_schemes_enabled"]
+ echConfig["dynamic_record_sizing_disabled"] = ech["dynamic_record_sizing_disabled"]
+ tlsConfig["ech"] = echConfig
+ }
 (*out)["tls"] = tlsConfig
 }
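Review bot: `getTlsParams` has no doc comment, and the `insecure` branch is the part that needs one: it copies the flag into the generated link as `insecure=1`, which presumably makes every client that imports the link accept any server certificate. I would document that on the function, e.g. `// getTlsParams maps server_name, alpn and insecure from a TLS map to link query parameters; insecure=1 propagates disabled certificate verification to the client.` No call site for `getTlsParams` is visible in this diff, so it may be unused until a later change. Whether `sni` is URL-escaped before it reaches the link also depends on that caller.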