diff --git a/proxy/vless/encryption/client.go b/proxy/vless/encryption/client.go
index 1ea2ecc5..9a17135e 100644
--- a/proxy/vless/encryption/client.go
+++ b/proxy/vless/encryption/client.go
@@ -104,9 +104,9 @@ func (i *ClientInstance) Handshake(conn net.Conn) (net.Conn, error) {
 	if _, err := c.Conn.Write(clientHello); err != nil {
 		return nil, err
 	}
-	// client can send more padding / NFS AEAD messages if needed
+	// client can send more paddings / NFS AEAD messages if needed
 
-	_, t, l, err := ReadAndDiscardPaddings(c.Conn)
+	_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before server hello
 	if err != nil {
 		return nil, err
 	}
@@ -190,9 +190,9 @@ func (c *ClientConn) Read(b []byte) (int, error) {
 		return 0, nil
 	}
 	if c.peerAead == nil {
-		_, t, l, err := ReadAndDiscardPaddings(c.Conn)
+		_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before random hello
 		if err != nil {
-			if c.instance != nil && strings.HasPrefix(err.Error(), "invalid header: ") { // from 0-RTT
+			if c.instance != nil && strings.HasPrefix(err.Error(), "invalid header: ") { // 0-RTT's 0-RTT
 				c.instance.Lock()
 				if bytes.Equal(c.ticket, c.instance.ticket) {
 					c.instance.expire = time.Now() // expired
diff --git a/proxy/vless/encryption/server.go b/proxy/vless/encryption/server.go
index 72346575..7114da22 100644
--- a/proxy/vless/encryption/server.go
+++ b/proxy/vless/encryption/server.go
@@ -97,7 +97,7 @@ func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
 	}
 	c := &ServerConn{Conn: conn}
 
-	_, t, l, err := ReadAndDiscardPaddings(c.Conn)
+	_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before client/ticket hello
 	if err != nil {
 		return nil, err
 	}
@@ -118,7 +118,11 @@ func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
 		i.RUnlock()
 		if s == nil {
 			noise := make([]byte, crypto.RandBetween(100, 1000))
-			rand.Read(noise)
+			var err error
+			for err == nil {
+				rand.Read(noise)
+				_, _, err = DecodeHeader(noise)
+			}
 			c.Conn.Write(noise) // make client do new handshake
 			return nil, errors.New("expired ticket")
 		}
@@ -169,7 +173,7 @@ func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
 	if _, err := c.Conn.Write(serverHello); err != nil {
 		return nil, err
 	}
-	// server can send more padding / PFS AEAD messages if needed
+	// server can send more paddings / PFS AEAD messages if needed
 
 	if i.minutes > 0 {
 		i.Lock()
@@ -189,8 +193,8 @@ func (c *ServerConn) Read(b []byte) (int, error) {
 		return 0, nil
 	}
 	if c.peerAead == nil {
-		if c.peerRandom == nil { // from 1-RTT
-			_, t, l, err := ReadAndDiscardPaddings(c.Conn)
+		if c.peerRandom == nil { // 1-RTT's 0-RTT
+			_, t, l, err := ReadAndDiscardPaddings(c.Conn) // allow paddings before ticket hello
 			if err != nil {
 				return 0, err
 			}