Fix: remove ClientSessionCache and add NextProtos for vmess to fix #1468

uxsi · Jul 3, 2021 · 995aa7a · 995aa7a
1 parent 3ca5d17
commit 995aa7a
Show file tree

Hide file tree

Showing 13 changed files with 9 additions and 48 deletions.
diff --git a/adapter/outbound/http.go b/adapter/outbound/http.go
@@ -125,7 +125,6 @@ func NewHttp(option HttpOption) *Http {
 		}
 		tlsConfig = &tls.Config{
 			InsecureSkipVerify: option.SkipCertVerify,
-			ClientSessionCache: getClientSessionCache(),
 			ServerName:         sni,
 		}
 	}

diff --git a/adapter/outbound/shadowsocks.go b/adapter/outbound/shadowsocks.go
@@ -149,7 +149,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 		if opts.TLS {
 			v2rayOption.TLS = true
 			v2rayOption.SkipCertVerify = opts.SkipCertVerify
-			v2rayOption.SessionCache = getClientSessionCache()
 		}
 	}
 

diff --git a/adapter/outbound/socks5.go b/adapter/outbound/socks5.go
@@ -145,7 +145,6 @@ func NewSocks5(option Socks5Option) *Socks5 {
 	if option.TLS {
 		tlsConfig = &tls.Config{
 			InsecureSkipVerify: option.SkipCertVerify,
-			ClientSessionCache: getClientSessionCache(),
 			ServerName:         option.Server,
 		}
 	}

diff --git a/adapter/outbound/trojan.go b/adapter/outbound/trojan.go
@@ -127,11 +127,10 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 	addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 
 	tOption := &trojan.Option{
-		Password:           option.Password,
-		ALPN:               option.ALPN,
-		ServerName:         option.Server,
-		SkipCertVerify:     option.SkipCertVerify,
-		ClientSessionCache: getClientSessionCache(),
+		Password:       option.Password,
+		ALPN:           option.ALPN,
+		ServerName:     option.Server,
+		SkipCertVerify: option.SkipCertVerify,
 	}
 
 	if option.SNI != "" {
@@ -163,7 +162,6 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 			MinVersion:         tls.VersionTLS12,
 			InsecureSkipVerify: tOption.SkipCertVerify,
 			ServerName:         tOption.ServerName,
-			ClientSessionCache: getClientSessionCache(),
 		}
 
 		t.transport = gun.NewHTTP2Client(dialFn, tlsConfig)

diff --git a/adapter/outbound/util.go b/adapter/outbound/util.go
@@ -2,36 +2,22 @@ package outbound
 
 import (
 	"bytes"
-	"crypto/tls"
 	"net"
 	"strconv"
-	"sync"
 	"time"
 
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/socks5"
 )
 
-var (
-	globalClientSessionCache tls.ClientSessionCache
-	once                     sync.Once
-)
-
 func tcpKeepAlive(c net.Conn) {
 	if tcp, ok := c.(*net.TCPConn); ok {
 		tcp.SetKeepAlive(true)
 		tcp.SetKeepAlivePeriod(30 * time.Second)
 	}
 }
 
-func getClientSessionCache() tls.ClientSessionCache {
-	once.Do(func() {
-		globalClientSessionCache = tls.NewLRUClientSessionCache(128)
-	})
-	return globalClientSessionCache
-}
-
 func serializesSocksAddr(metadata *C.Metadata) []byte {
 	var buf [][]byte
 	aType := uint8(metadata.AddrType)

diff --git a/adapter/outbound/vmess.go b/adapter/outbound/vmess.go
@@ -86,7 +86,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 
 		if v.option.TLS {
 			wsOpts.TLS = true
-			wsOpts.SessionCache = getClientSessionCache()
 			wsOpts.SkipCertVerify = v.option.SkipCertVerify
 			wsOpts.ServerName = v.option.ServerName
 		}
@@ -98,7 +97,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
-				SessionCache:   getClientSessionCache(),
 			}
 
 			if v.option.ServerName != "" {
@@ -125,7 +123,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 		tlsOpts := vmess.TLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
-			SessionCache:   getClientSessionCache(),
 			NextProtos:     []string{"h2"},
 		}
 
@@ -153,7 +150,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			tlsOpts := &vmess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
-				SessionCache:   getClientSessionCache(),
 			}
 
 			if v.option.ServerName != "" {

diff --git a/dns/doh.go b/dns/doh.go
@@ -3,7 +3,6 @@ package dns
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
 	"io/ioutil"
 	"net"
 	"net/http"
@@ -76,7 +75,6 @@ func newDoHClient(url string, r *Resolver) *dohClient {
 	return &dohClient{
 		url: url,
 		transport: &http.Transport{
-			TLSClientConfig:   &tls.Config{ClientSessionCache: globalSessionCache},
 			ForceAttemptHTTP2: true,
 			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				host, port, err := net.SplitHostPort(addr)

diff --git a/dns/resolver.go b/dns/resolver.go
@@ -2,7 +2,6 @@ package dns
 
 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"math/rand"
@@ -20,10 +19,6 @@ import (
 	"golang.org/x/sync/singleflight"
 )
 
-var (
-	globalSessionCache = tls.NewLRUClientSessionCache(64)
-)
-
 type dnsClient interface {
 	Exchange(m *D.Msg) (msg *D.Msg, err error)
 	ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, err error)

diff --git a/dns/util.go b/dns/util.go
@@ -127,7 +127,6 @@ func transform(servers []NameServer, resolver *Resolver) []dnsClient {
 			Client: &D.Client{
 				Net: s.Net,
 				TLSConfig: &tls.Config{
-					ClientSessionCache: globalSessionCache,
 					// alpn identifier, see https://tools.ietf.org/html/draft-hoffman-dprive-dns-tls-alpn-00#page-6
 					NextProtos: []string{"dns"},
 					ServerName: host,

diff --git a/transport/trojan/trojan.go b/transport/trojan/trojan.go
@@ -34,11 +34,10 @@ var (
 )
 
 type Option struct {
-	Password           string
-	ALPN               []string
-	ServerName         string
-	SkipCertVerify     bool
-	ClientSessionCache tls.ClientSessionCache
+	Password       string
+	ALPN           []string
+	ServerName     string
+	SkipCertVerify bool
 }
 
 type Trojan struct {
@@ -57,7 +56,6 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
 		MinVersion:         tls.VersionTLS12,
 		InsecureSkipVerify: t.option.SkipCertVerify,
 		ServerName:         t.option.ServerName,
-		ClientSessionCache: t.option.ClientSessionCache,
 	}
 
 	tlsConn := tls.Client(conn, tlsConfig)

diff --git a/transport/v2ray-plugin/websocket.go b/transport/v2ray-plugin/websocket.go
@@ -1,7 +1,6 @@
 package obfs
 
 import (
-	"crypto/tls"
 	"net"
 	"net/http"
 
@@ -16,7 +15,6 @@ type Option struct {
 	Headers        map[string]string
 	TLS            bool
 	SkipCertVerify bool
-	SessionCache   tls.ClientSessionCache
 	Mux            bool
 }
 
@@ -34,7 +32,6 @@ func NewV2rayObfs(conn net.Conn, option *Option) (net.Conn, error) {
 		TLS:            option.TLS,
 		Headers:        header,
 		SkipCertVerify: option.SkipCertVerify,
-		SessionCache:   option.SessionCache,
 	}
 
 	var err error

diff --git a/transport/vmess/tls.go b/transport/vmess/tls.go
@@ -8,15 +8,13 @@ import (
 type TLSConfig struct {
 	Host           string
 	SkipCertVerify bool
-	SessionCache   tls.ClientSessionCache
 	NextProtos     []string
 }
 
 func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
 	tlsConfig := &tls.Config{
 		ServerName:         cfg.Host,
 		InsecureSkipVerify: cfg.SkipCertVerify,
-		ClientSessionCache: cfg.SessionCache,
 		NextProtos:         cfg.NextProtos,
 	}
 

diff --git a/transport/vmess/websocket.go b/transport/vmess/websocket.go
@@ -32,7 +32,6 @@ type WebsocketConfig struct {
 	TLS            bool
 	SkipCertVerify bool
 	ServerName     string
-	SessionCache   tls.ClientSessionCache
 }
 
 // Read implements net.Conn.Read()
@@ -130,7 +129,7 @@ func StreamWebsocketConn(conn net.Conn, c *WebsocketConfig) (net.Conn, error) {
 		dialer.TLSClientConfig = &tls.Config{
 			ServerName:         c.Host,
 			InsecureSkipVerify: c.SkipCertVerify,
-			ClientSessionCache: c.SessionCache,
+			NextProtos:         []string{"http/1.1"},
 		}
 
 		if c.ServerName != "" {