VLESS vs Trojan: Performance and Stealth Comparison of Modern Proxy Protocols

7/10/2026 · 3 min

Introduction

As network censorship techniques evolve, proxy protocols continue to iterate. VLESS and Trojan, two protocols that have gained significant attention in recent years, make different trade-offs between performance and stealth. This article provides a comparative analysis from multiple key dimensions.

Protocol Design Philosophy

VLESS

VLESS (V2Ray Less) is a lightweight protocol introduced by the V2Ray project, designed to reduce handshake overhead and encryption redundancy. It adopts a stateless design, meaning the server does not need to maintain session state, thereby lowering resource consumption. By default, VLESS does not encrypt the entire traffic stream; instead, it relies on the transport layer (e.g., TLS) for encryption, resulting in a minimal protocol header that enhances transmission efficiency.

Trojan

Trojan's design philosophy is to "masquerade as HTTPS traffic." It runs directly over TLS and uses the same port 443 as standard HTTPS, making its traffic pattern indistinguishable from normal web browsing. Trojan's protocol format is simple, consisting only of a password verification field, with the rest being standard TLS-encrypted data, offering extremely high stealth.

Performance Comparison

Handshake Latency

Due to its stateless design, VLESS requires only one round trip (1-RTT) for the handshake, while Trojan, being TLS-based, typically needs 1-2 round trips (depending on the TLS version). Under ideal network conditions, VLESS has slightly lower handshake latency than Trojan.

Throughput

Under the same bandwidth conditions, VLESS achieves higher effective throughput due to its smaller protocol header overhead (approximately 2 bytes vs. Trojan's 56 bytes). In practical tests, VLESS throughput is typically 5%-10% higher than Trojan, with the advantage being more pronounced in long-lived connections.

CPU Usage

VLESS offloads all encryption and decryption tasks to the TLS layer, resulting in very low CPU usage. Trojan also relies on TLS, but its additional password verification logic introduces a small overhead. Overall, the CPU usage difference between the two is minimal, with VLESS having a slight edge.

Stealth Analysis

Traffic Characteristics

Trojan's traffic pattern is identical to standard HTTPS, including TLS handshake and certificate validation, making passive detection nearly impossible. Although VLESS is often used with TLS, its protocol header contains fixed features (e.g., protocol version number) that may be identified by deep packet inspection (DPI).

Active Probing

Trojan has strong resistance to active probing because its response behavior matches that of a real HTTPS server (returning 404 or 200). If VLESS is not properly configured, it may return specific error messages, revealing its proxy identity.

Deployment and Maintenance

VLESS requires integration with the V2Ray or Xray core, making configuration relatively complex, but it supports multiple transport layers (WebSocket, gRPC, etc.), offering high flexibility. Trojan is simple to deploy, typically requiring only a single binary and configuration file, but its transport layer is limited to TLS, resulting in limited extensibility.

Conclusion

| Dimension | VLESS | Trojan | |-----------|-------|--------| | Performance | High | Medium | | Stealth | Medium | High | | Deployment Complexity | Medium | Low | | Flexibility | High | Low |

The choice between VLESS and Trojan depends on specific needs: if pursuing maximum performance with moderate stealth requirements, VLESS is preferable; if high stealth is needed to counter censorship, Trojan is the safer option.

Related reading

Related articles

Tuic vs. Trojan: A Comparative Study of QUIC-Based Proxy Protocols in Anti-Interference and Low Latency
This article provides an in-depth comparison of Tuic and Trojan proxy protocols in terms of anti-interference and low latency. Tuic, based on QUIC, leverages UDP multiplexing and 0-RTT handshake for superior performance in poor network conditions, while Trojan, based on TLS over TCP, offers strong compatibility but is susceptible to TCP interference. Through theoretical analysis and real-world tests, we reveal their strengths and weaknesses across different network scenarios, guiding user selection.
Read more
Zero-Overhead Proxying: How VLESS Boosts Performance and Stealth Through Minimalist Design
VLESS is a lightweight proxy protocol that achieves near-zero performance overhead by eliminating redundant encryption and handshake steps. This article analyzes its design principles, performance advantages, and stealth enhancement mechanisms, comparing it with traditional proxy protocols.
Read more
Self-Hosted VPN Protocol Guide: Performance and Security Comparison of WireGuard vs. OpenVPN
This article provides an in-depth comparison of WireGuard and OpenVPN for self-hosted VPNs, analyzing performance, security, and usability to help technical decision-makers choose the best protocol for their needs.
Read more
VPN Proxy Protocols Deep Dive: A Comprehensive Comparison of OpenVPN, WireGuard, and IPsec
This article provides an in-depth comparison of three major VPN proxy protocols—OpenVPN, WireGuard, and IPsec—analyzing their security, performance, configuration complexity, and use cases to help readers choose the most suitable protocol.
Read more
VPN Proxy Protocol Comparison: Performance and Security Analysis of WireGuard vs. VLESS in Cross-Border Scenarios
This article provides an in-depth comparison of WireGuard and VLESS in cross-border scenarios, covering encryption mechanisms, transmission efficiency, anti-interference capabilities, and deployment recommendations to help users choose the optimal solution.
Read more
VPN Protocol Deep Dive: WireGuard vs OpenVPN vs IPSec — Performance and Security Trade-offs
This article provides an in-depth comparison of three major VPN protocols: WireGuard, OpenVPN, and IPSec, analyzing their strengths and weaknesses in performance, security, and usability to help readers make informed choices.
Read more

FAQ

Which is faster, VLESS or Trojan?
Under the same network conditions, VLESS is typically 5%-10% faster than Trojan due to its smaller protocol header overhead and lower handshake latency.
Is Trojan more secure than VLESS?
From a stealth perspective, Trojan's traffic pattern is identical to HTTPS, making it harder to detect. VLESS, while also supporting TLS, has fixed features in its protocol header that may be identified by DPI. Therefore, Trojan is more secure in terms of evading censorship.
Which is more complex to deploy, VLESS or Trojan?
Trojan is simpler to deploy, typically requiring only a single binary and configuration file. VLESS requires integration with the V2Ray or Xray core, making configuration more complex but offering higher flexibility.
Read more