From 0fd7691d6b28e05922d7a5a9313d97745a51ea63 Mon Sep 17 00:00:00 2001
From: RPRX <63339210+RPRX@users.noreply.github.com>
Date: Wed, 13 Aug 2025 11:24:10 +0000
Subject: [PATCH] Fix reading ticket hello

https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3183283514
https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3183324745
---
 proxy/vless/encryption/client.go | 12 ++++++------
 proxy/vless/encryption/server.go | 13 +++++--------
 2 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/proxy/vless/encryption/client.go b/proxy/vless/encryption/client.go
index 52b4828b..ecccdca0 100644
--- a/proxy/vless/encryption/client.go
+++ b/proxy/vless/encryption/client.go
@@ -212,19 +212,19 @@ func (c *ClientConn) Read(b []byte) (int, error) {
 			}
 		}
 		if t != 0 {
-			return 0, errors.New("unexpected type ", t, ", expect server random")
+			return 0, errors.New("unexpected type ", t, ", expect random hello")
 		}
-		peerRandom := make([]byte, 32)
-		if l != len(peerRandom) {
-			return 0, errors.New("unexpected length ", l, " for server random")
+		peerRandomHello := make([]byte, 32)
+		if l != len(peerRandomHello) {
+			return 0, errors.New("unexpected length ", l, " for random hello")
 		}
-		if _, err := io.ReadFull(c.Conn, peerRandom); err != nil {
+		if _, err := io.ReadFull(c.Conn, peerRandomHello); err != nil {
 			return 0, err
 		}
 		if c.random == nil {
 			return 0, errors.New("empty c.random")
 		}
-		c.peerAead = NewAead(ClientCipher, c.baseKey, peerRandom, c.random)
+		c.peerAead = NewAead(ClientCipher, c.baseKey, peerRandomHello, c.random)
 		c.peerNonce = make([]byte, 12)
 	}
 	if len(c.peerCache) != 0 {
diff --git a/proxy/vless/encryption/server.go b/proxy/vless/encryption/server.go
index 71aed4a2..4765ce0e 100644
--- a/proxy/vless/encryption/server.go
+++ b/proxy/vless/encryption/server.go
@@ -203,20 +203,17 @@ func (c *ServerConn) Read(b []byte) (int, error) {
 			if t != 0 {
 				return 0, errors.New("unexpected type ", t, ", expect ticket hello")
 			}
-			peerTicket := make([]byte, 21)
-			if l != len(peerTicket) {
+			peerTicketHello := make([]byte, 21+32)
+			if l != len(peerTicketHello) {
 				return 0, errors.New("unexpected length ", l, " for ticket hello")
 			}
-			if _, err := io.ReadFull(c.Conn, peerTicket); err != nil {
+			if _, err := io.ReadFull(c.Conn, peerTicketHello); err != nil {
 				return 0, err
 			}
-			if !bytes.Equal(peerTicket, c.ticket) {
+			if !bytes.Equal(peerTicketHello[:21], c.ticket) {
 				return 0, errors.New("naughty boy")
 			}
-			c.peerRandom = make([]byte, 32)
-			if _, err := io.ReadFull(c.Conn, c.peerRandom); err != nil {
-				return 0, err
-			}
+			c.peerRandom = peerTicketHello[21:]
 		}
 		c.peerAead = NewAead(c.cipher, c.baseKey, c.peerRandom, c.ticket)
 		c.peerNonce = make([]byte, 12)