Closed hawshemi closed 9 months ago
Hello. I have this sing-box / ShadowTLSv3 server/client.
Previously the server was a Reality server with SNI: www.ctrip.com and it was working fine (no blockage).
Recently I rebuilt the server, installed sing-box, and set up ShadowTLS v3, but when I connect to the server, the server log says:
WARN[1837] [1544878752 1ms] inbound/shadowtls[0]: client hello verify failed: hmac mismatch
Client:
{ "dns": { "independent_cache": true, "rules": [ { "domain": [ "dns.google" ], "server": "dns-direct" } ], "servers": [ { "address": "https://dns.google/dns-query", "address_resolver": "dns-direct", "strategy": "prefer_ipv4", "tag": "dns-remote" }, { "address": "local", "address_resolver": "dns-local", "detour": "direct", "strategy": "prefer_ipv4", "tag": "dns-direct" }, { "address": "local", "detour": "direct", "tag": "dns-local" }, { "address": "rcode://success", "tag": "dns-block" } ] }, "inbounds": [ { "listen": "127.0.0.1", "listen_port": 6450, "override_address": "8.8.8.8", "override_port": 53, "tag": "dns-in", "type": "direct" }, { "domain_strategy": "", "endpoint_independent_nat": true, "inet4_address": [ "172.19.0.1/28" ], "inet6_address": [ "fdfe:dcba:9876::1/126" ], "mtu": 9000, "sniff": true, "sniff_override_destination": false, "stack": "mixed", "tag": "tun-in", "type": "tun" }, { "domain_strategy": "", "listen": "127.0.0.1", "listen_port": 2080, "sniff": true, "sniff_override_destination": false, "tag": "mixed-in", "type": "mixed" } ], "log": { "level": "debug" }, "outbounds": [ { "password": "XXXX", "server": "X.X.X.X", "server_port": 443, "tls": { "enabled": true, "insecure": false, "server_name": "www.ctrip.com", "utls": { "enabled": true, "fingerprint": "chrome" } }, "version": 3, "type": "shadowtls", "domain_strategy": "", "tag": "proxy" }, { "tag": "direct", "type": "direct" }, { "tag": "bypass", "type": "direct" }, { "tag": "block", "type": "block" }, { "tag": "dns-out", "type": "dns" } ], "route": { "auto_detect_interface": true, "rules": [ { "outbound": "dns-out", "port": [ 53 ] }, { "inbound": [ "dns-in" ], "outbound": "dns-out" }, { "ip_cidr": [ "224.0.0.0/3", "ff00::/8" ], "outbound": "block", "source_ip_cidr": [ "224.0.0.0/3", "ff00::/8" ] } ] } }
Server:
{ "inbounds": [ { "type": "shadowtls", "listen": "::", "listen_port": 443, "detour": "shadowsocks-in", "version": 3, "users": [ { "password": "" } ], "handshake": { "server": "www.ctrip.com", "server_port": 443 }, "strict_mode": true }, { "type": "shadowsocks", "tag": "shadowsocks-in", "listen": "127.0.0.1", "method": "2022-blake3-aes-128-gcm", "password": "XXXX", "multiplex": { "enabled": true } } ], "outbounds": [ { "type": "direct" } ] }
Nekobox:
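The problem was that my VPS IP was completely blocked by ISPs. Note that the server logs `client hello verify failed: hmac mismatch` for any ClientHello that does not authenticate against the configured ShadowTLS password, so the warning alone does not show whether a given connection came from this client.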