Xray-core icon indicating copy to clipboard operation
Xray-core copied to clipboard

Published 20 hours ago verified publisher icon XTLS

ERR_SSL_PROTOCOL_ERROR with xtls-rprx-vision

Open Keduber opened this issue 1 year ago • 2 comments

Getting unpredictable error ERR_SSL_PROTOCOL_ERROR in Chrome on Windows 10 while opening random sites. F5 fix problems. Can get this error 1-2 times a day or not have it for 2 days at all.

Only disabling xtls-rprx-vision for VLESS TCP Reality helps. Found site that can give this error more frequently - https://www.ssllabs.com/ssltest . Without xtls-rprx-vision it will load normally with xtls-rprx-vision 1 of 5 attempts can give ERR_SSL_PROTOCOL_ERROR. (not shure that this is 100% my case but without xtls-rprx-vision there is no errors on ither sites too and with xtls-rprx-vision there are errors)

Xray version 1.8.6 and 1.8.7. Protocol VLESS TCP Reality (made sni variations - no reaction). Different servers and locations. Ubuntu 22.04. No errors in xray logs or any other logs. Protocl port 443 (with HAProxy) and any other (without HAProxy) also used.

Simular to

https://github.com/XTLS/Xray-core/issues/1310 https://github.com/XTLS/Xray-core/issues/1454

Keduber avatar Feb 10 '24 07:02 Keduber

Yes, I confirm. I have also encountered an error in the last few months. I may not receive an error for several days, and then see it several times in one. No logs, no errors - nothing that would indicate an error. I was getting the error in Firefox, Chrome (regular and incognito), Windows and Linux.

I can add that on version 1.8.4 I don't remember encountering this error (although maybe I just didn't pay attention to it)

jomertix avatar Feb 10 '24 10:02 jomertix

This could be due to incorrect buffer management, such as overflows, underflows, or improper use of the buffer when encrypting/decrypting data, which could result in SSL/TLS handshake failures.

common/buf/buffer.go:

   var pool = bytespool.GetPool(Size)

This snippet is related to buffer pooling. If buffers from the pool are not managed correctly (e.g., not zeroed out before reuse), it could lead to data leakage or corruption, which might indirectly cause handshake issues.

common/crypto/chunk.go:

   const sliceSize = 8192
   mb2Write := make(buf.MultiBuffer, 0, mbLen/buf.Size+mbLen/sliceSize+2)

this snippet does not directly deal with cryptographic operations, it does handle the slicing of buffers that could be used in such operations. If the chunks are not properly managed, it could potentially lead to issues with the data being encrypted or decrypted incorrectly.

us254 avatar Feb 19 '24 21:02 us254

Fixed

yuhan6665 avatar Mar 07 '24 00:03 yuhan6665