Deep Dive into V2Ray Protocols: Technical Evolution and Security Considerations from VMess to XTLS

4/25/2026

Introduction

V2Ray is a network proxy tool whose core value comes from its flexible and secure protocol design. From the initial VMess protocol to the recently introduced XTLS, V2Ray's protocol stack has undergone significant technical evolution. This article examines the technical details, security features, and performance trade-offs of these protocols.

VMess Protocol: Foundation and Security Design

VMess is the first encrypted transport protocol supported by V2Ray, designed to provide confidentiality and integrity protection over untrusted networks.

Encryption Mechanism

VMess employs a hybrid encryption system: symmetric encryption algorithms such as AES-128-GCM or ChaCha20-Poly1305 are used to encrypt transmitted data, while asymmetric encryption (e.g., ECDH) is utilized for key exchange. Each connection uses an independent session key, ensuring forward secrecy.

Protocol Structure

The VMess protocol consists of two parts: the request header and the transport body. The request header carries metadata such as the target address and encryption method, which is encrypted and authenticated before transmission. The transport body carries the actual data stream. This design effectively prevents traffic feature analysis.

mKCP Protocol: Reliable Transmission over UDP

mKCP is V2Ray's reliable transport over UDP, an adaptation of the KCP protocol optimized for high-latency and high-packet-loss network environments.

Core Features

  • Fast Retransmission: Custom ACK mechanism reduces recovery time from packet loss.
  • Flow Control: Dynamically adjusts sending rate to avoid network congestion.
  • Packet Obfuscation: Adds random padding to counter traffic feature detection.

Use Cases

mKCP is particularly suitable for unstable environments such as mobile networks or cross-border connections, but it consumes more bandwidth compared to TCP.

XTLS: Next-Generation Transport Protocol

XTLS (eXtended Transport Layer Security) is an innovative protocol proposed by the V2Ray community to address the performance bottlenecks of traditional TLS proxies.

Design Principle

XTLS leverages the handshake characteristics of TLS 1.3 to establish a "direct" encrypted channel between the client and server. Unlike traditional TLS proxies, XTLS avoids double encryption overhead—data is encrypted only once at the TLS layer and then directly forwarded to the target server.

Performance Advantages

  • Reduced CPU Consumption: Eliminates one encryption/decryption operation, improving throughput by 30%-50%.
  • Lower Latency: Packets do not need to be unpacked and repacked at the proxy layer.
  • Traffic Camouflage: Fully compatible with standard TLS 1.3 traffic, making it difficult for deep packet inspection to identify.

Security Considerations

While improving performance, XTLS maintains the same security level as standard TLS. However, it requires both client and server to support the protocol and has specific dependencies on TLS libraries.

Protocol Comparison and Selection Recommendations

| Protocol | Encryption Strength | Performance | Anti-Detection | Use Case |
|----------|---------------------|-------------|----------------|----------|
| VMess | High | Medium | Strong | General proxy |
| mKCP | Medium | Low (good in high loss) | Medium | Unstable networks |
| XTLS | High | High | Very Strong | High performance needs |
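Whichever protocol is selected, both ends have to be configured for it. The following is an added example, not code from the article or the V2Ray project: a small audit that compares a client outbound with a server inbound and flags a transport or TLS mismatch, an unknown user ID, and a VMess cipher other than the AEAD ones named above. The key names follow V2Ray's JSON configuration format; the host, UUID, and finding labels are constructed for this example.

```python
import json

# Ciphers the article names for VMess, plus V2Ray's "auto", which selects one of them.
AEAD_CIPHERS = {"aes-128-gcm", "chacha20-poly1305", "auto"}

def audit_pair(outbound: dict, inbound: dict) -> list:
    """Compare one client outbound with its server inbound; return finding labels."""
    findings = []
    c_stream = outbound.get("streamSettings", {})
    s_stream = inbound.get("streamSettings", {})
    # Both ends must agree on the transport (tcp/kcp) and on the TLS layer.
    for key, default in (("network", "tcp"), ("security", "none")):
        c, s = c_stream.get(key, default), s_stream.get(key, default)
        if c != s:
            findings.append(f"mismatch:{key}:{c}!={s}")
    if outbound.get("protocol") == "vmess":
        known_ids = {c["id"] for c in inbound.get("settings", {}).get("clients", [])}
        for server in outbound["settings"]["vnext"]:
            for user in server["users"]:
                if user["id"] not in known_ids:
                    findings.append("unknown-user")
                cipher = user.get("security", "auto")
                if cipher not in AEAD_CIPHERS:
                    # "none" leaves the body unencrypted at the VMess layer.
                    findings.append(f"vmess-cipher:{cipher}")
    return findings

# Constructed sample configs: placeholder host and UUID, not taken from the article.
UUID = "00000000-0000-4000-8000-000000000001"
SERVER = {"protocol": "vmess",
          "settings": {"clients": [{"id": UUID}]},
          "streamSettings": {"network": "tcp", "security": "tls"}}
WEAK_CLIENT = {"protocol": "vmess",
               "settings": {"vnext": [{"address": "proxy.example", "port": 443,
                                       "users": [{"id": UUID, "security": "none"}]}]},
               "streamSettings": {"network": "kcp", "security": "none"}}
# Corrected client: same user, AEAD cipher, transport and TLS matching the server.
GOOD_CLIENT = json.loads(json.dumps(WEAK_CLIENT))  # deep copy via JSON round trip
GOOD_CLIENT["settings"]["vnext"][0]["users"][0]["security"] = "aes-128-gcm"
GOOD_CLIENT["streamSettings"] = {"network": "tcp", "security": "tls"}

if __name__ == "__main__":
    print(audit_pair(WEAK_CLIENT, SERVER))
    print(audit_pair(GOOD_CLIENT, SERVER))
```

The weak client yields three findings (transport mismatch, TLS mismatch, unencrypted VMess body); the corrected client yields none.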

Conclusion

The evolution of V2Ray's protocol stack reflects the continuous pursuit of security, performance, and stealth in network proxy technology. VMess provides a solid encryption foundation, mKCP addresses specific network environment issues, and XTLS achieves a breakthrough in performance. The choice of protocol should be based on actual network conditions, security requirements, and performance needs.

FAQ

What are the main differences between VMess and XTLS?
VMess is V2Ray's earliest encryption protocol, using a hybrid encryption system with moderate performance but good compatibility. XTLS is an optimized protocol based on TLS 1.3, significantly improving performance by avoiding double encryption while maintaining high security and strong anti-detection capabilities.

In what scenarios is the mKCP protocol suitable?
mKCP is suitable for high-latency, high-packet-loss network environments such as mobile networks or cross-border connections. It improves stability through fast retransmission and flow control mechanisms but consumes more bandwidth.

Is XTLS more secure than VMess?
XTLS and VMess are comparable in encryption strength, both providing high security. XTLS's advantages lie in performance improvement and better traffic camouflage, but it requires support from both client and server.