Xray-core v26.2.4
XHTTP transport: New options for bypassing CDN's potential detection https://github.com/XTLS/Xray-core/pull/5414 & Finalmask: Add XICMP, XDNS (relies on mKCP, like DNSTT), header-*, mkcp-*
为了捍卫通信自由,本次重点更新内容:
- XHTTP 新增了一些选项以对绕过潜在的 CDN 检测(尚未定型,不建议第三方实现现在跟进),详见 https://github.com/XTLS/Xray-core/pull/5414
- Finalmask UDP 新增了 XICMP、XDNS、header-*、mkcp-*,分享链接标准 https://github.com/XTLS/Xray-core/discussions/716 已更新
fm、pcs、vcn - TLS 移除了
allowInsecure配置项,请使用pinnedPeerCertSha256和verifyPeerCertByName代替,详见 https://github.com/XTLS/Xray-core/commit/2c92339f95fe9aa493b6ae51d3b07017a44c4014 - 进一步降低了 Xray-core 启动时的瞬时内存占用 https://github.com/XTLS/Xray-core/pull/5581 ,对于 iOS/router 请测试 https://github.com/XTLS/Xray-core/pull/5505
https://t.me/projectXtls/1464 此外我们将于下个月推出 XDRIVE 传输层与 XICMP 伪装层,前者可利用网盘、S3 stores 等服务传输数据,不需要自有公网 IP,而是通过潜在的白名单 IP 进行代理,~~或者境外能访问到境内的服务也行~~
https://t.me/projectXtls/1473 定义已经清晰,“最终伪装层”是最底层的一个“不可靠的传输层”,比如对于 UDP 它只做每个包的伪装而不会确保可靠传输(依赖上层 mKCP/QUIC/WG,或者代理协议就是想要原生 UDP 特性),另一方面它放的那些东西天马行空、不具备抗检测的鲁棒性但可能就是有奇效,比如现在已有的 XICMP、XDNS、header-*、mkcp-*、Salamander,后续还会把 TCP/TLS fragment、UDP noises 移过来,它们都支持分享,以及据称有用的 ASCII、gfw-killer 想要的在 TCP 流开头加自定义数据等,~~还可能加 MC 等游戏伪装~~,如果你有天马行空的 idea 也可以提出
分两种情况,一种是只加 header 一种是真的通过那个东西传输数据,第一种会被命名为 header-*,第二种会被命名为 X*,~~懒得起名了~~,另外 TCP 的那些伪装可以通过 VLESS fallbacks offload 给别的程序
https://t.me/projectXtls/1478 不在乎主动探测的话其实最简单的方法就是 REALITY 加随便填 SNI,服务端允许的值和客户端填写的值对得上就行,不需要自签再 pin 那么麻烦,且几乎所有客户端都支持 REALITY 及其分享,~~这不比自签强吗~~
https://t.me/projectXtls/1490 为了给少数机场一些迁移时间,今天的版本将 allowInsecure 设为了延时自动禁用(UTC 2026.6.1 00:00),请联系你的机场主为 allowInsecure 的订阅配置加上 pcs/vcn,即可同时兼容新旧版本
这和明文 HTTP 面板一样是 *ray 一开始就有的安全设计问题,可以允许自签但从一开始就不该给出完全不验证证书的选项,然后又错误地被越来越多的代理软件学去,GFW 一个主动探测就知道你能被 MITM
毕竟现在的代理已经越来越多地转向 VLESS、Trojan、Hy2 等内层明文、依赖 TLS 层安全的协议,所以在已知 GFW 拥有完备的 MITM 能力且在其它国家进行过大规模尝试后,这个问题必须得到纠正
Sponsors
Donation & NFTs
Collect a Project X NFT to support the development of Project X!
- TRX(Tron)/USDT/USDC:
TNrDh5VSfwd4RPrwsohr6poyNTfFefNYan - TON:
UQApeV-u2gm43aC1uP76xAC1m6vCylstaN1gpfBmre_5IyTH - BTC:
1JpqcziZZuqv3QQJhZGNGBVdCBrGgkL6cT - XMR:
4ABHQZ3yJZkBnLoqiKvb3f8eqUnX4iMPb6wdant5ZLGQELctcerceSGEfJnoCk6nnyRZm73wrwSgvZ2WmjYLng6R7sR67nq - SOL/USDT/USDC:
3x5NuXHzB5APG6vRinPZcsUv5ukWUY1tBGRSJiEJWtZa - ETH/USDT/USDC:
0xDc3Fe44F0f25D13CACb1C4896CD0D321df3146Ee - Project X NFT: https://opensea.io/item/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1
- VLESS NFT: https://opensea.io/collection/vless
- REALITY NFT: https://opensea.io/item/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2
- Related links: VLESS Post-Quantum Encryption, XHTTP: Beyond REALITY, Announcement of NFTs by Project X
该版本升级了一些依赖,并使用 Go 1.25.6 拉满 inline 编译,已 tag v1.260204.0,感谢所有贡献者,详见下方 change log
What's Changed
- TUN inbound: Disable RACK/TLP recovery to fix connection stalls by @KiGamji in https://github.com/XTLS/Xray-core/pull/5600
- TUN inbound: Enhance Darwin interface support by @Owersun in https://github.com/XTLS/Xray-core/pull/5598
- Hysteria transport: Support range & random for
intervalinudphopas well by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5603 - Geodat: Reduce peak memory usage by @Meo597 in https://github.com/XTLS/Xray-core/pull/5581
- TUN inbound: Add iOS support by @evozi-team in https://github.com/XTLS/Xray-core/pull/5612
- VMess inbound: Optimize replay filter by @Fangliding in https://github.com/XTLS/Xray-core/pull/5562
- README.md: Add Egern & Quantumult X to Others by @nasaboy in https://github.com/XTLS/Xray-core/pull/5624
- Upgrade gVisor to latest version v0.0.0-20260122175437-89a5d21be8f0 by @RPRX in https://github.com/XTLS/Xray-core/commit/9c46a2d55a46490867589c03aada2dd6b5ffb53f
- TLS config:
allowInsecure->pinnedPeerCertSha256;verifyPeerCertInNames->verifyPeerCertByNameby @RPRX in https://github.com/XTLS/Xray-core/commit/2c92339f95fe9aa493b6ae51d3b07017a44c4014 - Commands: Print leaf cert's SHA256 in
tls pingby @Fangliding @RPRX in https://github.com/XTLS/Xray-core/pull/5628 - MPH domian matcher: Support building & using cache directly (instead of building from geosite.dat when Xray starts) by @hossinasaadi in https://github.com/XTLS/Xray-core/pull/5505
- XHTTP transport: New options for bypassing CDN's potential detection by @paqx @Fangliding in https://github.com/XTLS/Xray-core/pull/5414
- Finalmask: Add XDNS (relies on mKCP, like DNSTT), header-*, mkcp-* by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5560
- XHTTP transport: Fix "auto" mode with REALITY by @paqx in https://github.com/XTLS/Xray-core/pull/5638
- Finalmask: Add XICMP (relies on mKCP/QUIC or WireGuard) by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5633
- Chore: Generate *.pb.go files with protoc v6.33.5 by @RPRX in https://github.com/XTLS/Xray-core/commit/d14767d4f307dd42e6b41c4871480bcb85437b21
- Commands: Print CA cert's SHA256 in
tls pingby @Fangliding in https://github.com/XTLS/Xray-core/pull/5644 - Finalmask UDP: Support WireGuard & Shadowsocks AEAD/2022 by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5643
New Contributors
- @KiGamji made their first contribution in https://github.com/XTLS/Xray-core/pull/5600
- @evozi-team made their first contribution in https://github.com/XTLS/Xray-core/pull/5612
- @nasaboy made their first contribution in https://github.com/XTLS/Xray-core/pull/5624
- @paqx made their first contribution in https://github.com/XTLS/Xray-core/pull/5414
Full Changelog: https://github.com/XTLS/Xray-core/compare/v26.1.23...v26.2.4