从v25.7.23开始 Loon 无法连接到服务器

[Loon0x00]

完整性要求

• 我读完了 issue 模板中的所有注释，确保填写符合要求。
• 我保证阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
• 我提供了完整的配置文件和日志，而不是出于自己的判断只给出截取的部分。
• 我搜索了 issues, 没有发现已提出的类似问题。
• 问题在 Release 最新的版本上可以成功复现

描述

Loon iOS 客户端在今年4月份的时候增加了 Reality，配合当时最新的 Xray-core 可以正常使用；最近有用户反馈使用VLESS+Vision+Reality 无法连接最新版本的 Xray-core，我测试了一下，从 Xray-core v25.7.23开始就出现了异常，之前版本都没问题。Loon 进行 TLS 握手就失败了，具体在服务端接收到Clienthello后就失败了，具体错误见服务端日志。目前不知道是否是 Loon 的 Reality 实现有问题还是其他问题，希望能结合服务端源码给出建议。

重现方式

使用Loon最新的正式版本添加一个VLESS+Vision+Reality 节点，进行延迟测试出现失败。

客户端配置

VLESS+VISION+REALITY = VLESS,192.168.3.124,2345,"xxxxxx",transport=tcp,flow=xtls-rprx-vision,public-key="xxxxxx",short-id=791ea42d7cb7,udp=true,block-quic=false,over-tls=true,sni=apple.com

服务端配置

{
    "log": {
        "access": "/log/access.log",
        "error": "/log/error.log",
        "loglevel": "debug"
    },
    "inbounds": [
        {
            "port": 2345,
            "protocol": "vless",
            "settings": {
              "clients": [
                      {
                          "id": "xxxxxx", 
                          "flow": "xtls-rprx-vision"
                      }
                  ],
              "decryption": "none"
            },
            "streamSettings": {
              "network": "tcp",
              "security": "reality",
              "realitySettings": {
                    "maxClientVer": "",
                    "maxTimediff": 0,
                    "minClientVer": "",
                    "mldsa65Seed": "9pgOimstoay_WQjJPKV3S4pQREbBNylAVWgIEoqPGF4",
                    "privateKey": "xxxxxx",
                    "serverNames": [
                        "apple.com"
                    ],
                    "shortIds": [
                        "791ea42d7cb7",
                        "3f",
                        "4629",
                        "101b139e48",
                        "756b66",
                        "bf848b20db25355e",
                        "821509cd",
                        "9526c9145ac33d"
                        ],
                    "show": true,
                    "target": "apple.com:443",
                    "xver": 0
                },
                "tcpSettings": {
                "acceptProxyProtocol": false,
                "header": {
                    "type": "none"
                    }
                }
              }
          }
      ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ],
    "inboundDetour": [],
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                    ],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}

客户端日志

Loon进行节点测试时使用wireshark抓取的tls握手数据包：

服务端日志

在 Xray-core v25.7.23 上面的日志：

Xray 25.7.23 (Xray, Penetrates Everything.) Custom (go1.24.0 darwin/arm64)
A unified platform for anti-censorship.
2025/12/06 01:53:32.939159 [Info] infra/conf/serial: Reading config: &{Name:config.json Format:json}
REALITY remoteAddr: 192.168.3.122:54860
REALITY remoteAddr: 192.168.3.122:54860	hs.c.AuthKey[:16]: [196 178 31 7 222 118 238 124 175 96 135 255 197 219 132 181]	AEAD: *gcm.GCM
REALITY remoteAddr: 192.168.3.122:54860	hs.c.ClientVer: [24 9 7]
REALITY remoteAddr: 192.168.3.122:54860	hs.c.ClientTime: 2025-12-06 01:53:44 +0800 CST
REALITY remoteAddr: 192.168.3.122:54860	hs.c.ClientShortId: [121 30 164 45 124 183 0 0]
REALITY remoteAddr: 192.168.3.122:54860	hs.c.conn == conn: true
REALITY remoteAddr: 192.168.3.122:54860	len(s2cSaved): 3321	Server Hello: 127
REALITY remoteAddr: 192.168.3.122:54860	len(s2cSaved): 3194	Change Cipher Spec: 6
REALITY remoteAddr: 192.168.3.122:54860	len(s2cSaved): 3188	Encrypted Extensions: 3188
REALITY remoteAddr: 192.168.3.122:54860	is using X25519MLKEM768 for TLS' communication: false
REALITY remoteAddr: 192.168.3.122:54860	is using ML-DSA-65 for cert's extra signature: true
REALITY remoteAddr: 192.168.3.122:54860	hs.handshake() err: payload[0]: 8, padding: -486
REALITY remoteAddr: 192.168.3.122:54860	hs.c.isHandshakeComplete.Load(): false

在 Xray-core v25.6.8上面的日志：

Xray 25.6.8 (Xray, Penetrates Everything.) Custom (go1.24.0 darwin/arm64)
A unified platform for anti-censorship.
2025/12/06 01:18:53.727561 [Info] infra/conf/serial: Reading config: &{Name:config.json Format:json}
REALITY remoteAddr: 192.168.3.122:54036
REALITY remoteAddr: 192.168.3.122:54036	hs.c.AuthKey[:16]: [50 120 64 182 128 37 89 209 254 61 92 127 58 153 203 200]	AEAD: *gcm.GCM
REALITY remoteAddr: 192.168.3.122:54036	hs.c.ClientVer: [24 9 7]
REALITY remoteAddr: 192.168.3.122:54036	hs.c.ClientTime: 2025-12-06 01:19:02 +0800 CST
REALITY remoteAddr: 192.168.3.122:54036	hs.c.ClientShortId: [121 30 164 45 124 183 0 0]
REALITY remoteAddr: 192.168.3.122:54036	hs.c.conn == conn: true
REALITY remoteAddr: 192.168.3.122:54036	len(s2cSaved): 3321	Server Hello: 127
REALITY remoteAddr: 192.168.3.122:54036	len(s2cSaved): 3194	Change Cipher Spec: 6
REALITY remoteAddr: 192.168.3.122:54036	len(s2cSaved): 3188	Encrypted Extensions: 3188
REALITY remoteAddr: 192.168.3.122:54036	hs.handshake() err: <nil>
REALITY remoteAddr: 192.168.3.122:54036	hs.readClientFinished() err: <nil>
REALITY remoteAddr: 192.168.3.122:54036	hs.c.handshakeStatus: true

[RPRX]

感谢反馈，REALITY 服务端配置有“mldsa65Seed”，这个是七月份新增的配置，但是对目标网站的证书长度有要求，详见 #4915

六月份的版本没有识别该配置所以没问题

如果需要该配置真正起作用，客户端还需实现“mldsa65Verify”（对应分享链接参数 pqv），以对证书消息进行抗量子的额外验证