Deep Dive into V2Ray Protocols: Evolution and Security Assessment from VMess to XTLS

6/16/2026 · 3 min

1. Introduction

V2Ray, as a next-generation network proxy tool, has undergone significant protocol evolution from VMess to XTLS. This article systematically evaluates the advantages and limitations of each protocol from three dimensions: technical principles, security features, and performance.

2. VMess Protocol: Foundation and Limitations

VMess is the earliest encrypted transport protocol supported by V2Ray, using symmetric encryption algorithms such as AES-128-GCM or ChaCha20-Poly1305. Its core mechanisms include:

  • Request-response encryption: The client encrypts the session key using the server's public key, and subsequent communication uses symmetric encryption.
  • Timestamp verification: Prevents replay attacks.
  • Protocol obfuscation: Supports HTTP, TLS, and other camouflage.

Security Assessment: VMess meets basic encryption requirements but has the following issues:

  • Obvious traffic characteristics: Fixed-length packets during the handshake are easily identifiable.
  • No forward secrecy: Leaked session keys can decrypt historical traffic.
  • Performance overhead: Additional handshake per connection increases latency.

3. WebSocket + TLS: Enhanced Camouflage

The WebSocket + TLS (WSS) combination encapsulates traffic as WebSocket frames and uses TLS encryption, significantly improving anti-detection capabilities.

  • TLS handshake: Reuses standard HTTPS handshake flow, making traffic indistinguishable from normal HTTPS.
  • WebSocket frames: Supports fragmented transmission, avoiding fixed-length characteristics.
  • Performance trade-off: TLS handshake adds latency, but modern hardware can mitigate this.

Security Assessment: WSS is currently the most mature camouflage solution, but note:

  • Certificate management: Requires valid SSL certificates; otherwise, vulnerable to man-in-the-middle attacks.
  • Fingerprinting: TLS fingerprints (e.g., JA3) can be used for identification.
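
The JA3 fingerprint named above is an MD5 over five ClientHello fields (version, cipher suites, extension types, supported groups, EC point formats), so wrapping traffic in TLS still exposes which TLS library produced the handshake. The Python below is an added example, not code from this article or from the V2Ray project; `SAMPLE` is a constructed ClientHello and the function names are illustrative.

```python
import hashlib
import struct

# Constructed ClientHello record (not a capture); GREASE 0x0a0a sits in ciphers and groups.
SAMPLE = bytes.fromhex(
    "16030100500100004c0303" + "00" * 32 + "00" + "00060a0a1301c02f" + "0100"
    + "001d" + "00000000" + "000a000800060a0a001d0017" + "000b00020100" + "002b0003020304")

def _grease(v):  # RFC 8701 GREASE values: 0x0a0a, 0x1a1a, ... 0xfafa
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def _u16s(buf):  # big-endian uint16 list with GREASE values removed
    vals = [int.from_bytes(buf[i:i + 2], "big") for i in range(0, len(buf) - 1, 2)]
    return [v for v in vals if not _grease(v)]

def ja3_string(record):
    """JA3 string for one raw TLS record that carries a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record with a ClientHello")
    body, pos = record[9:], 0      # skip record (5) and handshake (4) headers
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    def vec(width):                # length-prefixed vector
        return take(int.from_bytes(take(width), "big"))
    version = int.from_bytes(take(2), "big")
    take(32)                       # client random
    vec(1)                         # session id
    ciphers = _u16s(vec(2))
    vec(1)                         # compression methods
    ext_block = vec(2) if pos < len(body) else b""
    exts, groups, formats, i = [], [], [], 0
    while i + 4 <= len(ext_block):
        etype, elen = struct.unpack_from("!HH", ext_block, i)
        data, i = ext_block[i + 4:i + 4 + elen], i + 4 + elen
        if _grease(etype):
            continue
        exts.append(etype)
        if etype == 10:            # supported_groups
            groups = _u16s(data[2:])
        elif etype == 11:          # ec_point_formats
            formats = list(data[1:])
    fields = [[version], ciphers, exts, groups, formats]
    return ",".join("-".join(map(str, f)) for f in fields)

def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode()).hexdigest()
```

Two clients that tunnel different payloads but share a TLS stack and settings produce the same JA3 string, which is why the hash identifies the client implementation rather than the content.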

4. gRPC Protocol: High Performance and Multiplexing

gRPC is based on HTTP/2, supporting multiplexing and bidirectional streaming, suitable for high-concurrency scenarios.

  • Multiplexing: Multiple requests share a single TCP connection, reducing connection establishment overhead.
  • Protobuf encoding: Binary serialization, small size, and fast parsing.
  • Streaming: Supports server push and real-time data streams.

Security Assessment: gRPC itself does not encrypt; it must be used with TLS. Its advantages include:

  • Traffic characteristics: HTTP/2 frame structure is relatively covert.
  • Performance: Multiplexing significantly reduces latency.

5. XTLS: Breakthrough Transport Layer Optimization

XTLS (eXtended Transport Layer Security) is an innovative protocol proposed by the V2Ray community. Its core idea is "direct passthrough" of TLS traffic.

  • Passthrough mechanism: After identifying the TLS handshake, XTLS directly forwards subsequent encrypted traffic, avoiding secondary encryption/decryption.
  • Performance improvement: CPU usage reduced by 30%-50%, latency decreased by over 20%.
  • Security: Maintains native TLS security features without additional attack surfaces.

Security Assessment: XTLS is currently the most advanced protocol, but note:

  • Compatibility: Only supports TLS 1.3 and above.
  • Implementation risk: Passthrough logic must be strictly verified to prevent traffic hijacking.

6. Protocol Comparison and Selection Recommendations

| Protocol | Security | Performance | Anti-detection | Use Case |
|----------|----------|-------------|----------------|----------|
| VMess | Medium | Low | Low | Legacy compatibility |
| WSS | High | Medium | High | General proxy |
| gRPC | High | High | Medium | High concurrency |
| XTLS | High | Very High | High | High performance needs |

Best Practices:

  • Prioritize XTLS + TLS 1.3 combination.
  • Use WSS for legacy device compatibility.
  • Avoid using VMess alone.
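
A small checker for the weaknesses this article names (VMess without TLS, gRPC without TLS, disabled certificate validation), run over a config in V2Ray's JSON layout. It is an added example, not the project's own tooling; the sample config, its tags and the `audit` function are constructed, and reading "VMess alone" as "no TLS layer in `streamSettings`" is an assumption.

```python
import json

# Constructed sample in V2Ray's JSON config layout (not a real deployment).
SAMPLE_CONFIG = json.loads("""
{
  "inbounds": [
    {"tag": "legacy", "protocol": "vmess",
     "streamSettings": {"network": "tcp", "security": "none"}},
    {"tag": "rpc", "protocol": "vmess",
     "streamSettings": {"network": "grpc"}},
    {"tag": "web", "protocol": "vmess",
     "streamSettings": {"network": "ws", "security": "tls"}}
  ],
  "outbounds": [
    {"tag": "upstream", "protocol": "vmess",
     "streamSettings": {"network": "ws", "security": "tls",
                        "tlsSettings": {"allowInsecure": true}}}
  ]
}
""")

def audit(config):
    """Return (tag, finding) pairs for the weaknesses this article names."""
    findings = []
    for section in ("inbounds", "outbounds"):
        for entry in config.get(section, []):
            tag = entry.get("tag", section)
            stream = entry.get("streamSettings") or {}
            security = stream.get("security", "none")   # absent means no TLS
            network = stream.get("network", "tcp")
            has_tls = security in ("tls", "xtls")
            if entry.get("protocol") == "vmess" and not has_tls:
                findings.append((tag, "VMess used alone, without a TLS layer"))
            if network == "grpc" and not has_tls:
                findings.append((tag, "gRPC transport configured without TLS"))
            if (stream.get("tlsSettings") or {}).get("allowInsecure"):
                findings.append((tag, "allowInsecure disables certificate validation"))
    return findings
```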

7. Conclusion

From VMess to XTLS, V2Ray protocols have continuously evolved in security, performance, and anti-detection capabilities. XTLS represents the current optimal solution, but attention must be paid to its implementation details and compatibility. Users are advised to choose the appropriate protocol combination based on their actual network environment and security requirements.

FAQ

Is the VMess protocol secure?
VMess provides basic encryption but lacks forward secrecy and has obvious traffic characteristics. It is recommended only for legacy compatibility; otherwise, prefer XTLS or WSS.
What advantages does XTLS have over WSS?
XTLS avoids secondary encryption/decryption by passthrough of TLS traffic, reducing CPU usage by 30%-50% and latency by over 20%, while maintaining native TLS security.
How to choose a V2Ray protocol?
For high performance, choose XTLS+TLS 1.3; for general use, choose WSS; for high concurrency, choose gRPC; for legacy compatibility, choose VMess.