diff --git a/adapter/outbound/http.go b/adapter/outbound/http.go
index 43ca1204..b4dffdf7 100644
--- a/adapter/outbound/http.go
+++ b/adapter/outbound/http.go
@@ -125,7 +125,6 @@ func NewHttp(option HttpOption) *Http {
 }
 tlsConfig = &tls.Config{
 InsecureSkipVerify: option.SkipCertVerify,
- ClientSessionCache: getClientSessionCache(),
 ServerName: sni,
 }
 }
diff --git a/adapter/outbound/shadowsocks.go b/adapter/outbound/shadowsocks.go
index 0fb3ab9a..39d1e36d 100644
--- a/adapter/outbound/shadowsocks.go
+++ b/adapter/outbound/shadowsocks.go
@@ -149,7 +149,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 if opts.TLS {
 v2rayOption.TLS = true
 v2rayOption.SkipCertVerify = opts.SkipCertVerify
- v2rayOption.SessionCache = getClientSessionCache()
 }
 }
diff --git a/adapter/outbound/socks5.go b/adapter/outbound/socks5.go
index 26c7c06a..8106e0e2 100644
--- a/adapter/outbound/socks5.go
+++ b/adapter/outbound/socks5.go
@@ -145,7 +145,6 @@ func NewSocks5(option Socks5Option) *Socks5 {
 if option.TLS {
 tlsConfig = &tls.Config{
 InsecureSkipVerify: option.SkipCertVerify,
- ClientSessionCache: getClientSessionCache(),
 ServerName: option.Server,
 }
 }
diff --git a/adapter/outbound/trojan.go b/adapter/outbound/trojan.go
index 5d852735..afed410f 100644
--- a/adapter/outbound/trojan.go
+++ b/adapter/outbound/trojan.go
@@ -127,11 +127,10 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 tOption := &trojan.Option{
- Password: option.Password,
- ALPN: option.ALPN,
- ServerName: option.Server,
- SkipCertVerify: option.SkipCertVerify,
- ClientSessionCache: getClientSessionCache(),
+ Password: option.Password,
+ ALPN: option.ALPN,
+ ServerName: option.Server,
+ SkipCertVerify: option.SkipCertVerify,
 }
 if option.SNI != "" {
@@ -163,7 +162,6 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 MinVersion: tls.VersionTLS12,
 InsecureSkipVerify: tOption.SkipCertVerify,
 ServerName: tOption.ServerName,
- ClientSessionCache: getClientSessionCache(),
 }
 t.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
diff --git a/adapter/outbound/util.go b/adapter/outbound/util.go
index 4b81eb5d..0e1d4c8e 100644
--- a/adapter/outbound/util.go
+++ b/adapter/outbound/util.go
@@ -2,10 +2,8 @@ package outbound
 import (
 "bytes"
- "crypto/tls"
 "net"
 "strconv"
- "sync"
 "time"
 "github.com/Dreamacro/clash/component/resolver"
@@ -13,11 +11,6 @@ import (
 "github.com/Dreamacro/clash/transport/socks5"
 )
-var (
- globalClientSessionCache tls.ClientSessionCache
- once sync.Once
-)
-
 func tcpKeepAlive(c net.Conn) {
 if tcp, ok := c.(*net.TCPConn); ok {
 tcp.SetKeepAlive(true)
@@ -25,13 +18,6 @@ func tcpKeepAlive(c net.Conn) {
 }
 }
-func getClientSessionCache() tls.ClientSessionCache {
- once.Do(func() {
- globalClientSessionCache = tls.NewLRUClientSessionCache(128)
- })
- return globalClientSessionCache
-}
-
 func serializesSocksAddr(metadata *C.Metadata) []byte {
 var buf [][]byte
 aType := uint8(metadata.AddrType)
diff --git a/adapter/outbound/vmess.go b/adapter/outbound/vmess.go
index 672f767b..5ee4abbc 100644
--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@@ -86,7 +86,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 if v.option.TLS {
 wsOpts.TLS = true
- wsOpts.SessionCache = getClientSessionCache()
 wsOpts.SkipCertVerify = v.option.SkipCertVerify
 wsOpts.ServerName = v.option.ServerName
 }
@@ -98,7 +97,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 tlsOpts := &vmess.TLSConfig{
 Host: host,
 SkipCertVerify: v.option.SkipCertVerify,
- SessionCache: getClientSessionCache(),
 }
 if v.option.ServerName != "" {
@@ -125,7 +123,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 tlsOpts := vmess.TLSConfig{
 Host: host,
 SkipCertVerify: v.option.SkipCertVerify,
- SessionCache: getClientSessionCache(),
 NextProtos: []string{"h2"},
 }
@@ -153,7 +150,6 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 tlsOpts := &vmess.TLSConfig{
 Host: host,
 SkipCertVerify: v.option.SkipCertVerify,
- SessionCache: getClientSessionCache(),
 }
 if v.option.ServerName != "" {
diff --git a/dns/doh.go b/dns/doh.go
index 247e0704..34375017 100644
--- a/dns/doh.go
+++ b/dns/doh.go
@@ -3,7 +3,6 @@ package dns
 import (
 "bytes"
 "context"
- "crypto/tls"
 "io/ioutil"
 "net"
 "net/http"
@@ -76,7 +75,6 @@ func newDoHClient(url string, r *Resolver) *dohClient {
 return &dohClient{
 url: url,
 transport: &http.Transport{
- TLSClientConfig: &tls.Config{ClientSessionCache: globalSessionCache},
 ForceAttemptHTTP2: true,
 DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
 host, port, err := net.SplitHostPort(addr)
diff --git a/dns/resolver.go b/dns/resolver.go
index f57fec52..1ca0293e 100644
--- a/dns/resolver.go
+++ b/dns/resolver.go
@@ -2,7 +2,6 @@ package dns
 import (
 "context"
- "crypto/tls"
 "errors"
 "fmt"
 "math/rand"
@@ -20,10 +19,6 @@ import (
 "golang.org/x/sync/singleflight"
 )
-var (
- globalSessionCache = tls.NewLRUClientSessionCache(64)
-)
-
 type dnsClient interface {
 Exchange(m *D.Msg) (msg *D.Msg, err error)
 ExchangeContext(ctx context.Context, m *D.Msg) (msg *D.Msg, err error)
diff --git a/dns/util.go b/dns/util.go
index c2bb11d8..e56aaeb5 100644
--- a/dns/util.go
+++ b/dns/util.go
@@ -127,7 +127,6 @@ func transform(servers []NameServer, resolver *Resolver) []dnsClient {
 Client: &D.Client{
 Net: s.Net,
 TLSConfig: &tls.Config{
- ClientSessionCache: globalSessionCache,
 // alpn identifier, see https://tools.ietf.org/html/draft-hoffman-dprive-dns-tls-alpn-00#page-6
 NextProtos: []string{"dns"},
 ServerName: host,
diff --git a/transport/trojan/trojan.go b/transport/trojan/trojan.go
index 88cc95fb..d62e3f80 100644
--- a/transport/trojan/trojan.go
+++ b/transport/trojan/trojan.go
@@ -34,11 +34,10 @@ var (
 )
 type Option struct {
- Password string
- ALPN []string
- ServerName string
- SkipCertVerify bool
- ClientSessionCache tls.ClientSessionCache
+ Password string
+ ALPN []string
+ ServerName string
+ SkipCertVerify bool
 }
 type Trojan struct {
@@ -57,7 +56,6 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
 MinVersion: tls.VersionTLS12,
 InsecureSkipVerify: t.option.SkipCertVerify,
 ServerName: t.option.ServerName,
- ClientSessionCache: t.option.ClientSessionCache,
 }
 tlsConn := tls.Client(conn, tlsConfig)
diff --git a/transport/v2ray-plugin/websocket.go b/transport/v2ray-plugin/websocket.go
index 9feaf2c2..317c172f 100644
--- a/transport/v2ray-plugin/websocket.go
+++ b/transport/v2ray-plugin/websocket.go
@@ -1,7 +1,6 @@
 package obfs
 import (
- "crypto/tls"
 "net"
 "net/http"
@@ -16,7 +15,6 @@ type Option struct {
 Headers map[string]string
 TLS bool
 SkipCertVerify bool
- SessionCache tls.ClientSessionCache
 Mux bool
 }
@@ -34,7 +32,6 @@ func NewV2rayObfs(conn net.Conn, option *Option) (net.Conn, error) {
 TLS: option.TLS,
 Headers: header,
 SkipCertVerify: option.SkipCertVerify,
- SessionCache: option.SessionCache,
 }
 var err error
diff --git a/transport/vmess/tls.go b/transport/vmess/tls.go
index b003a753..234c3147 100644
--- a/transport/vmess/tls.go
+++ b/transport/vmess/tls.go
@@ -8,7 +8,6 @@ import (
 type TLSConfig struct {
 Host string
 SkipCertVerify bool
- SessionCache tls.ClientSessionCache
 NextProtos []string
 }
@@ -16,7 +15,6 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
 tlsConfig := &tls.Config{
 ServerName: cfg.Host,
 InsecureSkipVerify: cfg.SkipCertVerify,
- ClientSessionCache: cfg.SessionCache,
 NextProtos: cfg.NextProtos,
 }
diff --git a/transport/vmess/websocket.go b/transport/vmess/websocket.go
index 980add13..6ed353e7 100644
--- a/transport/vmess/websocket.go
+++ b/transport/vmess/websocket.go
@@ -32,7 +32,6 @@ type WebsocketConfig struct {
 TLS bool
 SkipCertVerify bool
 ServerName string
- SessionCache tls.ClientSessionCache
 }
 // Read implements net.Conn.Read()
@@ -130,7 +129,7 @@ func StreamWebsocketConn(conn net.Conn, c *WebsocketConfig) (net.Conn, error) {
 dialer.TLSClientConfig = &tls.Config{
 ServerName: c.Host,
 InsecureSkipVerify: c.SkipCertVerify,
- ClientSessionCache: c.SessionCache,
+ NextProtos: []string{"http/1.1"},
 }
 if c.ServerName != "" {
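Review bot: The added `NextProtos: []string{"http/1.1"}` in the `dialer.TLSClientConfig` literal changes what the client advertises via ALPN, yet nothing in the hunk says why, and every other hunk in this diff only removes session caches. A one-line comment above it would record the intent, for example `// WebSocket upgrade is an HTTP/1.1 exchange, so advertise only http/1.1 (never h2)`; that is presumably the reason, so please confirm before adding it. Separately, this `tls.Config` sets no `MinVersion`, while the trojan transport's config elsewhere in this diff sets `MinVersion: tls.VersionTLS12`. Adding `MinVersion: tls.VersionTLS12,` here would make the floor explicit instead of relying on the toolchain default, which for clients was TLS 1.0 on Go releases before 1.18. StreamWebsocketConn starts and continues outside the hunk.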