diff --git a/listener/http/server.go b/listener/http/server.go
index 1bec2555..8b86ac62 100644
--- a/listener/http/server.go
+++ b/listener/http/server.go
@@ -100,6 +100,9 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
 		if tlsConfig.Certificates != nil {
 			return nil, errors.New("certificate is unavailable in reality")
 		}
+		if tlsConfig.ClientAuth != tlsC.NoClientCert {
+			return nil, errors.New("client-auth is unavailable in reality")
+		}
 		realityBuilder, err = config.RealityConfig.Build(tunnel)
 		if err != nil {
 			return nil, err
diff --git a/listener/mixed/mixed.go b/listener/mixed/mixed.go
index 38c3393c..3df49d2c 100644
--- a/listener/mixed/mixed.go
+++ b/listener/mixed/mixed.go
@@ -96,6 +96,9 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
 		if tlsConfig.Certificates != nil {
 			return nil, errors.New("certificate is unavailable in reality")
 		}
+		if tlsConfig.ClientAuth != tlsC.NoClientCert {
+			return nil, errors.New("client-auth is unavailable in reality")
+		}
 		realityBuilder, err = config.RealityConfig.Build(tunnel)
 		if err != nil {
 			return nil, err
diff --git a/listener/sing_vless/server.go b/listener/sing_vless/server.go
index 48e9001a..a210d70a 100644
--- a/listener/sing_vless/server.go
+++ b/listener/sing_vless/server.go
@@ -111,6 +111,9 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		if tlsConfig.Certificates != nil {
 			return nil, errors.New("certificate is unavailable in reality")
 		}
+		if tlsConfig.ClientAuth != tlsC.NoClientCert {
+			return nil, errors.New("client-auth is unavailable in reality")
+		}
 		realityBuilder, err = config.RealityConfig.Build(tunnel)
 		if err != nil {
 			return nil, err
diff --git a/listener/sing_vmess/server.go b/listener/sing_vmess/server.go
index 1ce90259..24c323ba 100644
--- a/listener/sing_vmess/server.go
+++ b/listener/sing_vmess/server.go
@@ -111,6 +111,9 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		if tlsConfig.Certificates != nil {
 			return nil, errors.New("certificate is unavailable in reality")
 		}
+		if tlsConfig.ClientAuth != tlsC.NoClientCert {
+			return nil, errors.New("client-auth is unavailable in reality")
+		}
 		realityBuilder, err = config.RealityConfig.Build(tunnel)
 		if err != nil {
 			return nil, err
diff --git a/listener/socks/tcp.go b/listener/socks/tcp.go
index 1ec3a1f1..60eaa741 100644
--- a/listener/socks/tcp.go
+++ b/listener/socks/tcp.go
@@ -95,6 +95,9 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
 		if tlsConfig.Certificates != nil {
 			return nil, errors.New("certificate is unavailable in reality")
 		}
+		if tlsConfig.ClientAuth != tlsC.NoClientCert {
+			return nil, errors.New("client-auth is unavailable in reality")
+		}
 		realityBuilder, err = config.RealityConfig.Build(tunnel)
 		if err != nil {
 			return nil, err
diff --git a/listener/trojan/server.go b/listener/trojan/server.go
index df5f3aba..03fb02cf 100644
--- a/listener/trojan/server.go
+++ b/listener/trojan/server.go
@@ -106,6 +106,9 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
 		if tlsConfig.Certificates != nil {
 			return nil, errors.New("certificate is unavailable in reality")
 		}
+		if tlsConfig.ClientAuth != tlsC.NoClientCert {
+			return nil, errors.New("client-auth is unavailable in reality")
+		}
 		realityBuilder, err = config.RealityConfig.Build(tunnel)
 		if err != nil {
 			return nil, err