chore: sync vless encryption code

2026-03-07 15:09:56 +00:00 · 2025-08-14 23:52:05 +08:00
parent 946b4025df
commit 76e40baebc
5 changed files with 23 additions and 18 deletions
--- a/transport/vless/encryption/client.go
+++ b/transport/vless/encryption/client.go
@@ -115,9 +115,9 @@ func (i *ClientInstance) Handshake(conn net.Conn) (net.Conn, error) {
 	if _, err := c.Conn.Write(clientHello); err != nil {
 		return nil, err
 	}
-	// client can send more padding / NFS AEAD messages if needed
+	// client can send more paddings / NFS AEAD messages if needed

-	_, t, l, err := ReadAndDiscardPaddings(c.Conn)
+	_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before server hello
 	if err != nil {
 		return nil, err
 	}
@@ -201,9 +201,9 @@ func (c *ClientConn) Read(b []byte) (int, error) {
 		return 0, nil
 	}
 	if c.peerAead == nil {
-		_, t, l, err := ReadAndDiscardPaddings(c.Conn)
+		_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before random hello
 		if err != nil {
-			if c.instance != nil && strings.HasPrefix(err.Error(), "invalid header: ") { // from 0-RTT
+			if c.instance != nil && strings.HasPrefix(err.Error(), "invalid header: ") { // 0-RTT's 0-RTT
 				c.instance.Lock()
 				if bytes.Equal(c.ticket, c.instance.ticket) {
 					c.instance.expire = time.Now() // expired