Integrity requirements
- I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
- I provided the complete config and logs, rather than just providing the truncated parts based on my own judgment.
- I searched issues and did not find any similar issues.
- The problem can be successfully reproduced in the latest Release.
Description
Summary
I have found a reliable way to reproduce ERR_SSL_PROTOCOL_ERROR, which can be reproduced on the latest Xray 25.8.3 with Chrome 139.
This reproduction method is not artificially constructed, but comes from a real example. I have simplified it for ease of description, so that maintainers can reproduce it more easily.
Reproduction
In this example, there are three configuration files:
- A is the client, exposing port 10000, and uses `vmess+ws` with `"security": "zero"` to connect to B.
- B is the server, exposing port 10001, and uses `vmess+tcp` with `"security": "none"` to connect to C.
- C is another server, exposing port 10002, whose outbound is `freedom`.
The Chrome browser connects to A’s 10000 socks5 via Zero Omega (also known as Switch Omega).
The diagram is as follows:
From my testing, almost any popular website can trigger this error, as it occurs randomly on certain requests. It is recommended to use websites with a large number of requests for testing, such as x.com, yahoo.com and baidu.com (if you are in CN).
Analysis
I have tried modifying the configuration to bypass this error and found that the value of security is the key factor. The issue can only be reproduced when using zero for A→B and none for B→C.
Whether TLS is used or not does not affect the outcome.
Temporary solution
Please do not mix zero and none; it is recommended to use zero consistently.
Reproduction Method
For easier reproduction, you can use the configuration files I have prepared.
Client config
A:
```json
{
  "inbounds": [
    {
      "port": 10000,
      "protocol": "socks"
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "127.0.0.1",
            "port": 10001,
            "users": [
              {
                "id": "3ab8d74b-8f26-4cdc-9ed2-679119ca7e9d",
                "security": "zero"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/7a33adbc-d353-4962-b1ec-dc9465b53df6/"
        }
      }
    }
  ]
}
```
Server config
B:
```json
{
  "log": {
    "loglevel": "info"
  },
  "inbounds": [
    {
      "port": 10001,
      "protocol": "vmess",
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/7a33adbc-d353-4962-b1ec-dc9465b53df6/"
        }
      },
      "settings": {
        "clients": [
          {
            "id": "3ab8d74b-8f26-4cdc-9ed2-679119ca7e9d"
          }
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "127.0.0.1",
            "port": 10002,
            "users": [
              {
                "id": "93961608-8bb7-4f9e-8c42-18f0310a90e5",
                "security": "none"
              }
            ]
          }
        ]
      }
    }
  ]
}
```
C:
```json
{
  "inbounds": [
    {
      "port": 10002,
      "protocol": "vmess",
      "streamSettings": {
        "network": "tcp"
      },
      "settings": {
        "clients": [
          {
            "id": "93961608-8bb7-4f9e-8c42-18f0310a90e5"
          }
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
}
```
Client log
Nothing noteworthy.
Server log
```
2025/08/11 01:36:15.735261 [Info] [2948759031] app/proxyman/inbound: connection ends > proxy/vmess/inbound: connection ends > proxy/vmess/inbound: failed to transfer request > websocket: close 1000 (normal)
2025/08/11 01:36:15.735359 [Info] [3635949511] app/proxyman/inbound: connection ends > proxy/vmess/inbound: connection ends > proxy/vmess/inbound: failed to transfer request > websocket: close 1000 (normal)
2025/08/11 01:36:16.371330 [Info] [3396260618] proxy/vmess/inbound: received request for tcp:abs.twimg.com:443
2025/08/11 01:36:16.371477 [Info] [3396260618] app/dispatcher: default route for tcp:abs.twimg.com:443
2025/08/11 01:36:16.371483 [Info] [3396260618] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:10002
2025/08/11 01:36:16.371463 from 127.0.0.1:54827 accepted tcp:abs.twimg.com:443
2025/08/11 01:36:16.371549 [Info] [3396260618] proxy/vmess/outbound: tunneling request to tcp:abs.twimg.com:443 via 127.0.0.1:10002
2025/08/11 01:36:16.670704 [Info] [565222957] proxy/vmess/inbound: received request for tcp:abs.twimg.com:443
2025/08/11 01:36:16.670717 [Info] [565222957] app/dispatcher: default route for tcp:abs.twimg.com:443
2025/08/11 01:36:16.670719 [Info] [565222957] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:10002
2025/08/11 01:36:16.670722 from 127.0.0.1:54832 accepted tcp:abs.twimg.com:443
2025/08/11 01:36:16.670852 [Info] [565222957] proxy/vmess/outbound: tunneling request to tcp:abs.twimg.com:443 via 127.0.0.1:10002
2025/08/11 01:36:17.808689 [Info] [565222957] app/proxyman/inbound: connection ends > proxy/vmess/inbound: connection ends > proxy/vmess/inbound: failed to transfer request > websocket: close 1000 (normal)
2025/08/11 01:36:18.076414 [Info] [2940047257] app/proxyman/inbound: connection ends > proxy/vmess/inbound: connection ends > proxy/vmess/inbound: failed to transfer request > websocket: close 1000 (normal)
2025/08/11 01:36:19.387245 [Info] [3396260618] app/proxyman/inbound: connection ends > proxy/vmess/inbound: connection ends > proxy/vmess/inbound: failed to transfer request > websocket: close 1000 (normal)
```
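
The workaround in this report (do not mix `zero` and `none` along a chain) can be checked across a set of configs before they are deployed. The following Python check is an added example, not part of the original issue or of Xray: it follows vmess outbounds from one config to the next by matching the target port to an inbound port and flags a chain that uses both values. The `node` helper, the `<uuid>` placeholder and the same-host port matching are assumptions, and an omitted `security` is treated as `auto`.

```python
def node(listen, proto, nxt=None, security=None):
    """Build a trimmed config (constructed sample; only the fields the check reads)."""
    out = {"protocol": "freedom"}
    if nxt:
        user = {"id": "<uuid>", "security": security}  # placeholder id
        out = {"protocol": "vmess", "settings": {"vnext": [
            {"address": "127.0.0.1", "port": nxt, "users": [user]}]}}
    return {"inbounds": [{"port": listen, "protocol": proto}], "outbounds": [out]}

# Constructed configs mirroring the issue's chain A -> B -> C, and a variant
# that follows the workaround by using "zero" on both vmess hops.
ISSUE = {"A": node(10000, "socks", 10001, "zero"),
         "B": node(10001, "vmess", 10002, "none"),
         "C": node(10002, "vmess")}
FIXED = {**ISSUE, "B": node(10001, "vmess", 10002, "zero")}

def vmess_hops(cfg):
    """Yield (target port, security) for every user of every vmess outbound."""
    for ob in cfg.get("outbounds", []):
        if ob.get("protocol") != "vmess":
            continue
        for server in ob.get("settings", {}).get("vnext", []):
            for user in server.get("users", []):
                # Assumption: an omitted "security" means the default, "auto".
                yield server.get("port"), user.get("security", "auto")

def chain_from(start, configs):
    """Follow vmess outbounds from `start`; return [(from, to, security), ...]."""
    listeners = {ib["port"]: name for name, c in configs.items()
                 for ib in c.get("inbounds", [])}
    hops, current, seen = [], start, set()
    while current is not None and current not in seen:  # `seen` guards against loops
        seen.add(current)
        nxt = None
        for port, sec in vmess_hops(configs[current]):
            nxt = listeners.get(port)  # None when the target is not in this set
            hops.append((current, nxt, sec))
        current = nxt
    return hops

def mixed_zero_none(hops):
    """True when one chain uses both "zero" and "none" (the mix the issue reports)."""
    return {"zero", "none"} <= {sec for _, _, sec in hops}

if __name__ == "__main__":
    for label, cfgs in (("issue", ISSUE), ("fixed", FIXED)):
        hops = chain_from("A", cfgs)
        print(label, hops, "MIXED zero/none" if mixed_zero_none(hops) else "ok")
```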