Replies: 3 comments 1 reply
-
|
Members in the Project X group reminded me that X25519MLKEM768 requires golang 1.24+ and golang does not use OpenSSL. |
Beta Was this translation helpful? Give feedback.
-
|
编译参数 然而teddysun的编译环境是黑盒,我们看不到 你可以改用官方镜像ghcr.io/xtls/xray-core:latest |
Beta Was this translation helpful? Give feedback.
-
|
编译脚本如下: Golang 版本是 1.25.0 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your response. Then it's clear that I might made wrong assumptions while diagnosing the problem. Another user also reported a similar error message. I'm not sure which image does this user use. 
I will just leave the discussion here for experts to diagnose. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
The problem
While using teddysun's Docker container for Xray, I found a potential issue caused by its legacy OpenSSL version.
I used an nginx+websocket+tls configuration, and sometimes Xray completely fails to connect upon container start and continuously throws the following error:
[Error] [936000282] transport/internet/websocket: failed to dial to <SERVER_ADDRESS> > remote error: tls: illegal parameter
The problem may only occur after restarting the container a few times.
I used Wireshark to investigate and found that Xray is trying to handshake with X25519MLKEM768 cipher suites, which are not available in the OpenSSL version installed in the latest Xray container image as of September 10th, 2025.
To solve this issue, the openssl package should be upgraded to v3.5 or later. You can verify this by first installing OpenSSL in the container and then running a test command:
This problem is confusing for users.
To fix the problem
Beta Was this translation helpful? Give feedback.
All reactions