VLESS + XHTTP + REALITY 在 flow=xtls-rprx-vision 下无法连接,报 “XTLS only supports TLS and REALITY directly for now”,但 26.1.18 提示必须迁移到 flow #5576
Description
完整性要求
- 我读完了 issue 模板中的所有注释,确保填写符合要求。
- 我保证阅读了文档,了解所有我编写的配置文件项的含义,而不是大量堆砌看似有用的选项或默认值。
- 我提供了完整的配置文件和日志,而不是出于自己的判断只给出截取的部分。
- 我搜索了 issues, 没有发现已提出的类似问题。
- 问题在 Release 最新的版本上可以成功复现
描述
-
版本:Xray 26.1.18(Linux)
-
场景:VLESS + XHTTP + REALITY
-
现象:按 26.1.18 的提示迁移到 flow: "xtls-rprx-vision"(客户端/服务端都加)后,连接失败。
-
客户端日志关键错误:
proxy/vless/outbound: XTLS only supports TLS and REALITY directly for now.
-
结论:XHTTP + REALITY 不能使用 Vision flow,但 26.1.18 的弃用提示会误导用户必须迁移到 flow。
-
期望:
- 文档/提示明确 xHTTP 不能使用 Vision flow;或
- 警告只对支持 Vision 的传输方式提示。
重现方式
- 使用下方服务端配置启动 Xray
- 使用下方客户端配置启动 Xray
- 通过客户端 SOCKS 访问任意 HTTPS 域名(如 curl --socks5-hostname 127.0.0.1:10808 https://www.cloudflare.com)
- 客户端日志出现:XTLS only supports TLS and REALITY directly for now,连接失败
- 将两端 flow 去掉后,连接恢复正常(验证是 flow + xHTTP 组合导致)
客户端配置
Details
{
"log": {
"loglevel": "debug"
},
"dns": {
"dnsLog": true,
"servers": [
"1.1.1.1",
"8.8.8.8"
]
},
"inbounds": [
{
"tag": "socks",
"port": 10808,
"listen": "127.0.0.1",
"protocol": "mixed",
"settings": {
"auth": "noauth",
"udp": true
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "YOUR_SERVER_IP",
"port": 14183,
"users": [
{
"id": "11111111-2222-3333-4444-555555555555",
"email": "test@local",
"encryption": "none",
"flow": "xtls-rprx-vision"
}
]
}
]
},
"streamSettings": {
"network": "xhttp",
"security": "reality",
"xhttpSettings": {
"path": "/xhttp",
"host": "www.example.com",
"mode": "auto"
},
"realitySettings": {
"serverName": "www.example.com",
"fingerprint": "chrome",
"show": false,
"publicKey": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
"shortId": "0123456789abcdef",
"spiderX": ""
}
}
},
{
"tag": "direct",
"protocol": "freedom"
},
{
"tag": "block",
"protocol": "blackhole"
}
]
}
服务端配置
Details
{
"log": {
"loglevel": "debug"
},
"dns": {
"dnsLog": true,
"servers": [
"1.1.1.1"
]
},
"inbounds": [
{
"port": 14183,
"listen": "0.0.0.0",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "11111111-2222-3333-4444-555555555555",
"email": "test@local",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "xhttp",
"security": "reality",
"realitySettings": {
"show": false,
"target": "www.example.com:443",
"xver": 0,
"serverNames": [
"www.example.com"
],
"privateKey": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
"publicKey": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
"maxTimeDiff": 70000,
"shortIds": [
"0123456789abcdef"
]
},
"xhttpSettings": {
"host": "www.example.com",
"path": "/xhttp",
"mode": "auto"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom"
},
{
"tag": "block",
"protocol": "blackhole"
}
]
}
客户端日志
Details
2026/01/19 23:22:14.675376 [Info] transport/internet/splithttp: XHTTP is dialing to tcp:YOUR_SERVER_IP:14183, mode stream-one, HTTP version 2, host www.example.com
2026/01/19 23:22:14.675376 [Info] proxy/vless/outbound: tunneling request to tcp:edge.microsoft.com:443 via YOUR_SERVER_IP:14183
2026/01/19 23:22:14.675376 [Info] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TLS and REALITY directly for now.
服务端日志
服务端日志正常