XHTTP transport: New options for bypassing CDN's potential detection https://github.com/XTLS/Xray-core/pull/5414 & Finalmask: Add XICMP, XDNS (relies on mKCP, like DNSTT), header-*, mkcp-*

为了捍卫通信自由，本次重点更新内容：

1. XHTTP 新增了一些选项，以绕过潜在的 CDN 检测（尚未定型，不建议第三方实现现在跟进），详见 https://github.com/XTLS/Xray-core/pull/5414
2. Xray-core HTTP 请求的 User-Agent 均由 Go 改为动态 Chrome（可被 headers 等配置覆写），详见 https://github.com/XTLS/Xray-core/pull/5658
3. Finalmask UDP 新增了 XICMP、XDNS、header-*、mkcp-*，分享链接标准 https://github.com/XTLS/Xray-core/discussions/716 已更新 fm、pcs、vcn
4. Finalmask UDP 支持了 WireGuard、SS AEAD/2022 等代理层协议产生的 UDP 流量，详见 https://github.com/XTLS/Xray-core/pull/5643
5. TLS 移除了 allowInsecure 配置项，请使用 pinnedPeerCertSha256 和 verifyPeerCertByName 代替，详见 https://github.com/XTLS/Xray-core/commit/2c92339f95fe9aa493b6ae51d3b07017a44c4014
6. 进一步降低了 Xray-core 启动时的瞬时内存占用 https://github.com/XTLS/Xray-core/pull/5581 ，对于 iOS/router 请测试 https://github.com/XTLS/Xray-core/pull/5505
7. v26.2.6 包含一些 v26.1.23 新增功能的配置项变更、重要修复，请及时升级 Xray-core 以及 GUI 客户端

https://t.me/projectXtls/1464 此外我们将于下个月推出 XDRIVE 传输层与 XICMP 伪装层，前者可利用网盘、S3 stores 等服务传输数据，不需要自有公网 IP，而是通过潜在的白名单 IP 进行代理，或者境外能访问到境内的服务也行

https://t.me/projectXtls/1473 定义已经清晰，“最终伪装层”是最底层的一个“不可靠的传输层”，比如对于 UDP 它只做每个包的伪装而不会确保可靠传输（依赖上层 mKCP/QUIC/WG，或者代理协议就是想要原生 UDP 特性），另一方面它放的那些东西天马行空、不具备抗检测的鲁棒性但可能就是有奇效，比如现在已有的 XICMP、XDNS、header-*、mkcp-*、Salamander，后续还会把 TCP/TLS fragment、UDP noises 移过来，它们都支持分享，以及据称有用的 ASCII、gfw-killer 想要的在 TCP 流开头加自定义数据等，还可能加 MC 等游戏伪装，如果你有天马行空的 idea 也可以提出

分两种情况，一种是只加 header 一种是真的通过那个东西传输数据，第一种会被命名为 header-*，第二种会被命名为 X*，懒得起名了，另外 TCP 的那些伪装可以通过 VLESS fallbacks offload 给别的程序

https://t.me/projectXtls/1478 不在乎主动探测的话其实最简单的方法就是 REALITY 加随便填 SNI，服务端允许的值和客户端填写的值对得上就行，不需要自签再 pin 那么麻烦，且几乎所有客户端都支持 REALITY 及其分享，这不比自签强吗

https://t.me/projectXtls/1490 为了给少数机场一些迁移时间，今天的版本将 allowInsecure 设为了延时自动禁用（UTC 2026.6.1 00:00），请联系你的机场主为 allowInsecure 的订阅配置加上 pcs/vcn，即可同时兼容新旧版本

这和明文 HTTP 面板一样是 *ray 一开始就有的安全设计问题，可以允许自签但从一开始就不该给出完全不验证证书的选项，然后又错误地被越来越多的代理软件学去，GFW 一个主动探测就知道你能被 MITM

毕竟现在的代理已经越来越多地转向 VLESS、Trojan、Hy2 等内层明文、依赖 TLS 层安全的协议，所以在已知 GFW 拥有完备的 MITM 能力且在其它国家进行过大规模尝试后，这个问题必须得到纠正

Sponsors

Sponsor Xray-core

Donation & NFTs

Collect a Project X NFT to support the development of Project X!

<img alt="Project X NFT" width="150px" src="https://raw2.seadn.io/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/7fa9ce900fb39b44226348db330e32/8b7fa9ce900fb39b44226348db330e32.svg" />

• TRX(Tron)/USDT/USDC: TNrDh5VSfwd4RPrwsohr6poyNTfFefNYan
• TON: UQApeV-u2gm43aC1uP76xAC1m6vCylstaN1gpfBmre_5IyTH
• BTC: 1JpqcziZZuqv3QQJhZGNGBVdCBrGgkL6cT
• XMR: 4ABHQZ3yJZkBnLoqiKvb3f8eqUnX4iMPb6wdant5ZLGQELctcerceSGEfJnoCk6nnyRZm73wrwSgvZ2WmjYLng6R7sR67nq
• SOL/USDT/USDC: 3x5NuXHzB5APG6vRinPZcsUv5ukWUY1tBGRSJiEJWtZa
• ETH/USDT/USDC: 0xDc3Fe44F0f25D13CACb1C4896CD0D321df3146Ee
• Project X NFT: https://opensea.io/item/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1
• VLESS NFT: https://opensea.io/collection/vless
• REALITY NFT: https://opensea.io/item/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2
• Related links: VLESS Post-Quantum Encryption, XHTTP: Beyond REALITY, Announcement of NFTs by Project X

该版本升级了一些依赖，并使用 Go 1.25.7 拉满 inline 编译，已 tag v1.260206.0，感谢所有贡献者，详见下方 change log

What's Changed

• TUN inbound: Disable RACK/TLP recovery to fix connection stalls by @KiGamji in https://github.com/XTLS/Xray-core/pull/5600
• TUN inbound: Enhance Darwin interface support by @Owersun in https://github.com/XTLS/Xray-core/pull/5598
• Hysteria transport: Support range & random for interval in udphop as well by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5603
• Geodat: Reduce peak memory usage by @Meo597 in https://github.com/XTLS/Xray-core/pull/5581
• TUN inbound: Add iOS support by @evozi-team in https://github.com/XTLS/Xray-core/pull/5612
• VMess inbound: Optimize replay filter by @Fangliding in https://github.com/XTLS/Xray-core/pull/5562
• README.md: Add Egern & Quantumult X to Others by @nasaboy in https://github.com/XTLS/Xray-core/pull/5624
• Upgrade gVisor to latest version v0.0.0-20260122175437-89a5d21be8f0 by @RPRX in https://github.com/XTLS/Xray-core/commit/9c46a2d55a46490867589c03aada2dd6b5ffb53f
• TLS config: allowInsecure->pinnedPeerCertSha256; verifyPeerCertInNames->verifyPeerCertByName by @RPRX in https://github.com/XTLS/Xray-core/commit/2c92339f95fe9aa493b6ae51d3b07017a44c4014
• Commands: Print leaf cert's SHA256 in tls ping by @Fangliding @RPRX in https://github.com/XTLS/Xray-core/pull/5628
• MPH domian matcher: Support building & using cache directly (instead of building from geosite.dat when Xray starts) by @hossinasaadi in https://github.com/XTLS/Xray-core/pull/5505
• XHTTP transport: New options for bypassing CDN's potential detection by @paqx @Fangliding in https://github.com/XTLS/Xray-core/pull/5414
• Finalmask: Add XDNS (relies on mKCP, like DNSTT), header-*, mkcp-* by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5560
• XHTTP transport: Fix "auto" mode with REALITY by @paqx in https://github.com/XTLS/Xray-core/pull/5638
• Finalmask: Add XICMP (relies on mKCP/QUIC or WireGuard) by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5633
• Chore: Generate *.pb.go files with protoc v6.33.5 by @RPRX in https://github.com/XTLS/Xray-core/commit/d14767d4f307dd42e6b41c4871480bcb85437b21
• Commands: Print CA cert's SHA256 in tls ping by @Fangliding in https://github.com/XTLS/Xray-core/pull/5644
• Finalmask UDP: Support WireGuard & Shadowsocks AEAD/2022 by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5643
• Xray-core: Dynamic Chrome User-Agent for all HTTP requests by default (overwriteable through config) by @RPRX @Fangliding in https://github.com/XTLS/Xray-core/commit/b7a22c729be98e613d90ab8e1140b72ea009696b
• TLS client: Simplify cert's verification code by @Fangliding in https://github.com/XTLS/Xray-core/pull/5656
• Workflows: Add simple consistency check for *.pb.go files to test.yml by @Fangliding in https://github.com/XTLS/Xray-core/pull/5646
• XICMP finalmask: Refine seq by @LjhAUMEM in https://github.com/XTLS/Xray-core/pull/5652

New Contributors

• @KiGamji made their first contribution in https://github.com/XTLS/Xray-core/pull/5600
• @evozi-team made their first contribution in https://github.com/XTLS/Xray-core/pull/5612
• @nasaboy made their first contribution in https://github.com/XTLS/Xray-core/pull/5624
• @paqx made their first contribution in https://github.com/XTLS/Xray-core/pull/5414

Full Changelog: https://github.com/XTLS/Xray-core/compare/v26.1.23...v26.2.6