diff --git a/CHANGES b/CHANGES
index aad5b9a..a00c92f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+2.9.5.1 2016-10-17
+- tls1.2_ticket_auth random packet size
+
+2.9.5.1 2016-10-16
+- UDP bind address
+
 2.9.5 2016-10-13
 - add auth_aes128_md5 and auth_aes128_sha1
 
diff --git a/shadowsocks/obfsplugin/obfs_tls.py b/shadowsocks/obfsplugin/obfs_tls.py
index 9912c92..a8526bf 100644
--- a/shadowsocks/obfsplugin/obfs_tls.py
+++ b/shadowsocks/obfsplugin/obfs_tls.py
@@ -149,9 +149,10 @@ class tls_ticket_auth(plain.plain):
             return buf
         if self.handshake_status == 8:
             ret = b''
-            while len(buf) > 8192:
-                ret += b"\x17" + self.tls_version + struct.pack('>H', 8192) + buf[:8192]
-                buf = buf[8192:]
+            while len(buf) > 4096:
+                size = struct.unpack('>H', os.urandom(2))[0] % 4096 + 100
+                ret += b"\x17" + self.tls_version + struct.pack('>H', size) + buf[:size]
+                buf = buf[size:]
             if len(buf) > 0:
                 ret += b"\x17" + self.tls_version + struct.pack('>H', len(buf)) + buf
             return ret
@@ -178,7 +179,7 @@ class tls_ticket_auth(plain.plain):
             ret = b''
             self.recv_buffer += buf
             while len(self.recv_buffer) > 5:
-                if ord(self.recv_buffer[0]) != 0x17:
+                if ord(self.recv_buffer[0]) != 0x17 or ord(self.recv_buffer[1]) != 0x3 or ord(self.recv_buffer[2]) != 0x3:
                     logging.info("data = %s" % (binascii.hexlify(self.recv_buffer)))
                     raise Exception('server_decode appdata error')
                 size = struct.unpack('>H', self.recv_buffer[3:5])[0]
diff --git a/shadowsocks/version.py b/shadowsocks/version.py
index e783755..a2abded 100644
--- a/shadowsocks/version.py
+++ b/shadowsocks/version.py
@@ -16,5 +16,5 @@
 # under the License.
 
 def version():
-    return '2.9.5.1 2016-10-16'
+    return '2.9.6 2016-10-17'