diff --git a/common/crypto/auth.go b/common/crypto/auth.go
index 76993f2b..26af6f7a 100644
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -238,7 +238,12 @@ func (w *AuthenticationWriter) seal(b *buf.Buffer) (*buf.Buffer, error) {
 func (w *AuthenticationWriter) writeStream(mb buf.MultiBuffer) error {
 	defer mb.Release()
 
-	payloadSize := buf.Size - int32(w.auth.Overhead()) - w.sizeParser.SizeBytes() - 64 /* padding buffer */
+	var maxPadding int32
+	if w.padding != nil {
+		maxPadding = int32(w.padding.MaxPaddingLen())
+	}
+
+	payloadSize := buf.Size - int32(w.auth.Overhead()) - w.sizeParser.SizeBytes() - maxPadding
 	mb2Write := buf.NewMultiBufferCap(int32(len(mb) + 10))
 
 	for {
diff --git a/common/crypto/chunk.go b/common/crypto/chunk.go
index f7e7ba95..36e6900f 100755
--- a/common/crypto/chunk.go
+++ b/common/crypto/chunk.go
@@ -21,6 +21,7 @@ type ChunkSizeEncoder interface {
 }
 
 type PaddingLengthGenerator interface {
+	MaxPaddingLen() uint16
 	NextPaddingLen() uint16
 }
 
diff --git a/proxy/vmess/encoding/auth.go b/proxy/vmess/encoding/auth.go
index 3212b800..9f012896 100644
--- a/proxy/vmess/encoding/auth.go
+++ b/proxy/vmess/encoding/auth.go
@@ -111,3 +111,7 @@ func (s *ShakeSizeParser) Encode(size uint16, b []byte) []byte {
 func (s *ShakeSizeParser) NextPaddingLen() uint16 {
 	return s.next() % 64
 }
+
+func (s *ShakeSizeParser) MaxPaddingLne() uint16 {
+	return 64
+}