Without TLS

[bart3nder]

Hi!
So since the only protocol that has it's own encryption is VMess, and Vless and Trojan should be used in a secure channel like TLS, what are the disadvantages of using them without TLS? Are there any security and privacy concerns? Like can the ISP read the traffic between client and server in Vless and understand what client is doing? (As far as I know Trojan can not be used without TLS, And VMess is not safe anymore, Like SS). I know the risk if IP ban and traffic detection, I'm asking for other things.
The reason why I'm asking is without using TLS, The connection is more stable, less throttled and faster, Due the fact ISPs are messing with encrypted (TLS based) protocols nowadays and other simple traffics are ok, So using Without TLS is getting popular.
Thanks!

[flowerinsnowdh]

说一说我的看法

---

Are there any security and privacy concerns? Like can the ISP read the traffic between client and server in Vless and understand what client is doing?

VLESS 本身没有进行加密，也就是说它有着明文头部，有着明文的协议/目标/用户ID；但是一般浏览网页以及大部分程序调用接口使用的是 HTTPS，它本身就有一层加密，所以 VLESS 在不加密的情况下，ISP 仅知道你正在使用代理，以及你访问网页的目标（SNI），前提是你浏览时使用的是 HTTPS 协议

若不使用 TLS 信道，则会有以下后果

1. ISP 可以知道你正在使用代理服务器，可以非常精准地封锁服务器
2. ISP 可以知道你正在浏览的站点，但是仅知道站点域名
3. 由于用户ID是明文的，任何人都可以通过这个ID使用你的代理服务器

---

关于不使用 TLS，就要考虑到为什么纯字节流代理被淘汰了

因为代理协议存在特征，IP 才被封锁，要是它是个完全没有特征而是和互联网中一模一样的流量数据，它基本上不会被封锁。

纯字节流就是未知协议，而正常网络上未知协议其实很少；最大的特征就是流量大，且没有固定特征（没有特征亦或许就是一种特征）；若被认定为未知协议，很有可能就会被重点观察

TLS 不是最好的代理协议，但是是目前相较于其他协议更好的协议

---

我并非专业人士，或许有不能完全理解和误导的地方，还请见谅

---

实际上 VMess、Shadowsocks 并不是一定会被封锁，主要还是看地区，如果资源充足是可以试试看的

[bart3nder]

Thanks for the complete answer, highly appreciated.

[testcaoy7]

Security ! = Anti-blocking

1, TLS is secure. Being the major internet standard on security, it is proven to be secure.

2, TLS can be found almost everywhere. More than 90% of web traffic run on TLS. Censors and ISPs usually consider TLS traffic as normal web traffic and do not throttle the speed nor block the connection. This gives Xray a strong anti-blocking capability if proxying through TLS.

3, Homebrewed encrypted protocols like Shadowsocks can provide certain features that TLS cannot. PSK for example, can offer some degree of quantum resistance if programmed correctly. Unfortunately, I doubt that any ISP on this world will use a genuine quantum computer as a firewall, at least not in several decays. Besides, nobody can give you any promise that encryptions used in homebrewed protocols are applied correctly.

[bart3nder]

Thanks for the answer, appreciate it.