VLESS vs Trojan: Performance and Stealth Comparison of Modern Proxy Protocols
Introduction
As network censorship techniques evolve, proxy protocols continue to iterate. VLESS and Trojan, two protocols that have gained significant attention in recent years, make different trade-offs between performance and stealth. This article provides a comparative analysis from multiple key dimensions.
Protocol Design Philosophy
VLESS
VLESS (V2Ray Less) is a lightweight protocol introduced by the V2Ray project, designed to reduce handshake overhead and encryption redundancy. It adopts a stateless design, meaning the server does not need to maintain session state, thereby lowering resource consumption. By default, VLESS does not encrypt the entire traffic stream; instead, it relies on the transport layer (e.g., TLS) for encryption, resulting in a minimal protocol header that enhances transmission efficiency.
Trojan
Trojan's design philosophy is to "masquerade as HTTPS traffic." It runs directly over TLS and uses the same port 443 as standard HTTPS, making its traffic pattern indistinguishable from normal web browsing. Trojan's protocol format is simple, consisting only of a password verification field, with the rest being standard TLS-encrypted data, offering extremely high stealth.
Performance Comparison
Handshake Latency
Due to its stateless design, VLESS requires only one round trip (1-RTT) for the handshake, while Trojan, being TLS-based, typically needs 1-2 round trips (depending on the TLS version). Under ideal network conditions, VLESS has slightly lower handshake latency than Trojan.
Throughput
Under the same bandwidth conditions, VLESS achieves higher effective throughput due to its smaller protocol header overhead (approximately 2 bytes vs. Trojan's 56 bytes). In practical tests, VLESS throughput is typically 5%-10% higher than Trojan, with the advantage being more pronounced in long-lived connections.
CPU Usage
VLESS offloads all encryption and decryption tasks to the TLS layer, resulting in very low CPU usage. Trojan also relies on TLS, but its additional password verification logic introduces a small overhead. Overall, the CPU usage difference between the two is minimal, with VLESS having a slight edge.
Stealth Analysis
Traffic Characteristics
Trojan's traffic pattern is identical to standard HTTPS, including TLS handshake and certificate validation, making passive detection nearly impossible. Although VLESS is often used with TLS, its protocol header contains fixed features (e.g., protocol version number) that may be identified by deep packet inspection (DPI).
Active Probing
Trojan has strong resistance to active probing because its response behavior matches that of a real HTTPS server (returning 404 or 200). If VLESS is not properly configured, it may return specific error messages, revealing its proxy identity.
Deployment and Maintenance
VLESS requires integration with the V2Ray or Xray core, making configuration relatively complex, but it supports multiple transport layers (WebSocket, gRPC, etc.), offering high flexibility. Trojan is simple to deploy, typically requiring only a single binary and configuration file, but its transport layer is limited to TLS, resulting in limited extensibility.
Conclusion
| Dimension | VLESS | Trojan | |-----------|-------|--------| | Performance | High | Medium | | Stealth | Medium | High | | Deployment Complexity | Medium | Low | | Flexibility | High | Low |
The choice between VLESS and Trojan depends on specific needs: if pursuing maximum performance with moderate stealth requirements, VLESS is preferable; if high stealth is needed to counter censorship, Trojan is the safer option.