chore: remove vmess from core. #4952
Conversation
|
Its better to remove vmess after vless encryption added |
|
well done, destroy backward compatibility and ruin all clients use xray |
|
Also so many people use tcp http configs and vmess for encryption removing vmess not a good idea |
|
you don't like it you don't use it |
But keeping deprecated features forever just slows everything down. Protocols evolve for a reason — security, efficiency, and maintainability. It’s not about "ruining" anything — it’s about moving forward. No one is stopping you from continuing to use older versions of the core if backward compatibility is that critical for your setup. But please don’t expect the latest versions to stay bloated with outdated protocols just to support legacy usage. Think about the bigger picture — long-term maintainability matters. |
|
Better Option: remove yourself from the world! |
|
Unless an encryption method that does not require TLS is added to VLESS, this only helps GFW to do more censoring and not helping the ones who fight against GFW because TLS is easily gets blocked whenever they want. Add an encryption method, this PR should be marked as Work in Progress :) P.S: Russia's Gov is not censoring as much as China and Iran, the problem is you think because TLS works in Russia, everywhere else also does work fine, sorry but that's not the case. |
|
It's a BIG NO, instead of removing vmess, focus on adding a practical feature. |
there is a third option if this pr merged, abandon xray and use a alternatives, no more pr on this repo because maintainers like rprx don't commit new changes them selves, people have to use alternatives if they need to run vmess, clients have 2 way, use multiple core (same as v2rayn) or replace xray |
|
nope |
|
Xray-core 不会移除已有的功能/协议,除非是内部迭代(旧 XTLS->新 XTLS,H2/QUIC->XHTTP)或彻底没人用了(旧 MTProto) VMess 非 Xray 原创且支持广泛,不属于 Xray 移除了就能带动其它软件一起移除的协议,也并非彻底没人用了,所以不会被移除 |
|
这大概就是格局了吧 |
|
This is a sign! |
|
@gfw-killer Ok, I wiil see what I can do for solving these problems. 大概就是客户端持有 X25519 与 MLKEM768 公钥,生成密码密文并加密数据发给服务端,服务端持有 X25519 与 MLKEM768 私钥以解密出密码并解密密文数据,密文部分数据传输格式就是 TLS data record,以便在未来的版本中结合 Vision Seed 流量混淆机制 简单设计的话该加密自身为 0-RTT、抗量子,客户端配置泄露不会导致被解密,服务端配置泄露会导致被解密,但还好,因为该加密的微观特征明显,目标并非直接过墙(2025 了都),而是保护数据免受 CDN 的窥探,也就是说外面还有一层 TLS 的保护 如果有人将这一高强度土制加密放明文 HTTP 里面但导致被 GFW 封锁了,则可以证实 GFW 针对明文 HTTP 的审查,这就是阳谋 得益于 VLESS 预留了 |
|
话说 2025 了基本都有 AES-NI 了吧,加密方式只有 AES-256-GCM 没问题吧 |
|
Please add chacha20-poly1305 option too, it's needed for devices with no AES-NI (old or budget devices) |
|
主要是不想把这个加密设计得过于复杂,服务端可以先 aes-256-gcm 解密,失败的话就试 chacha20-poly1305 |
|
If it's gonna have a Header and Payload part like VMess, then Header encryption can always be AES then header determines the payload encryption algorithm. |
其实我不想设计这种机制,因为尝试两次解密的开销对于后面庞大的 body 来说不值一提,基本上没什么额外开销 |
|
@gfw-killer 我更新了 VLESS 加密的设计方案,像 QUIC 一样跨二元组复用 sharedKey,兼顾 0-RTT 与前向安全,测试代码已跑通 本周末将正式推出 VLESS 加密,主要特性如下:
全面基于 ML-KEM-768、HKDF(SHA256)、AES-256-GCM/ChaCha20-Poly1305 |
|
|
因为把“多个被代理连接”用 mux 塞进同一条 VLESS 加密内,相较于复用 sharedKey 加密“多个被代理连接” 那如果这个 sharedKey 泄露了,结果都是能解密出“多个被代理连接”, |
|
而如果不 mux 也不复用 sharedKey 的话,在 TCP TLS 2-RTT 的基础上再加 1-RTT, |
|
重要的不是泄露sharedKey而是不过滤的话请求可以被重放( |
|
@Fangliding 不过你要想一下主要目标是放 CDN 里, |
|
不过 GET 难说,POST 的话肯定不会,连浏览器都有提示 |
|
|
|
@RPRX then.... now we can delete vmess? |
|
Why are you insist on removing vmess! |
Because we have vless encryption |
|
留着其它协议主要是为了兼容性,这些协议也没占多少地方 |
So by ur Logic we should stop using trains because planes are invented. Xray is a multi protocol core And it used in a lot of apps it should support more even protocols not removing existing ones |
Let's not go into this ridiculous and cheap sophistry. The correct comparison is two trains, where one has mechanisms that increase the safety of passengers, and the other is a decommissioned train from a first world country to a third world country, which has traveled 1,000,000 km and now the only thing it can do is deliver a passenger, without taking into account his safety. Xray is a multi protocol core and it used in a lot of apps it should observe all modern safety precautions and remove old ones when they have a replacement. |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sounds reasonable |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
都是啥理解能力,VLESS Encryption 目标就是成为 SS 2022/AEAD、VMess 的更好的替代品, |
… Use DispatchLink() in Tunnel/dokodemo-door inbound #4952 (comment) For #5067
|
in compare to VMess, VLESS still lacks a selectable symmetric encryption for low-end server and clients but it's good enough to tag vmess/ss/ss2022 as deprecated |
|
Trojan is suitable for when you want to use Xray-core with a personal-utility-program, |
|
@patterniha 如果只是想要一个最简单但能用(不抗 GFW)的 TLS 代理的话,VLESS 和 Trojan 没区别,VLESS 多的特性不实现就行 XUDP 也并非要求 Mux,VLESS & VMess 用的是单独实现:https://github.com/XTLS/Xray-core/blob/main/common/xudp/xudp.go |
|
@RPRX |
Yes, they really exist, specially in poor countries. |
I guess using this a little old servers not good idea |
…er; Use DispatchLink() in Tunnel/Socks/HTTP inbound #4952 (comment) For #5067
…er; Use DispatchLink() in Tunnel/Socks/HTTP inbounds #4952 (comment) For #5067
…er; Use DispatchLink() in Tunnel/Socks/HTTP inbounds #4952 (comment) For #5067
You are right, modern EU/US cloud servers are cheap enough to buy, and low-end domestic servers are only used as relay so the lack of AES-NI does not matter (if we don't consider Xray reverse tunnel and the minority who use them directly as a Xray node) |
…er; Use DispatchLink() in Tunnel/Socks/HTTP inbounds #4952 (comment) For #5067 (?inbound mux cpu 100%)
…er; Use DispatchLink() in Tunnel/Socks/HTTP inbounds #5067 (comment) Fixes #4952 (comment) for client's Xray-core
#5067 (comment) Fixes #4952 (comment) for cheap routers
#5067 (comment) 加回来了 |
18 participants
the goal is to remove the obsolete protocol