Adjust config loader of TLS & XTLS

2025-05-15 16:48:41 +00:00 · 2020-12-16 15:59:04 +00:00 · 2020-12-16 15:59:04 +00:00 · 38faac5ffc
commit 38faac5ffc
parent 88dfed931b
9 changed files with 215 additions and 195 deletions
--- a/transport/internet/xtls/config.go
+++ b/transport/internet/xtls/config.go
@ -176,12 +176,11 @@ func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config {
 	}

 	config := &xtls.Config{
-		ClientSessionCache:       globalSessionCache,
-		RootCAs:                  root,
-		InsecureSkipVerify:       c.AllowInsecure,
-		NextProtos:               c.NextProtocol,
-		SessionTicketsDisabled:   c.DisableSessionResumption,
-		PreferServerCipherSuites: c.PreferServerCipherSuites,
+		ClientSessionCache:     globalSessionCache,
+		RootCAs:                root,
+		InsecureSkipVerify:     c.AllowInsecure,
+		NextProtos:             c.NextProtocol,
+		SessionTicketsDisabled: c.DisableSessionResumption,
 	}

 	for _, opt := range opts {
@ -215,8 +214,19 @@ func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config {
 		config.MinVersion = xtls.VersionTLS13
 	}

+	switch c.MaxVersion {
+	case "1.0":
+		config.MaxVersion = xtls.VersionTLS10
+	case "1.1":
+		config.MaxVersion = xtls.VersionTLS11
+	case "1.2":
+		config.MaxVersion = xtls.VersionTLS12
+	case "1.3":
+		config.MaxVersion = xtls.VersionTLS13
+	}
+
 	var cipherSuites []uint16
-	if c.PreferServerCipherSuites && len(c.CipherSuites) > 0 {
+	if len(c.CipherSuites) > 0 {
 		cipherSuitesArray := strings.Split(c.CipherSuites, ":")
 		if len(cipherSuitesArray) > 0 {
 			all := xtls.CipherSuites()
@ -224,12 +234,14 @@ func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config {
 				for _, s := range all {
 					if s.Name == suite {
 						cipherSuites = append(cipherSuites, s.ID)
+						break
 					}
 				}
 			}
 		}
 	}
 	config.CipherSuites = cipherSuites
+	config.PreferServerCipherSuites = c.PreferServerCipherSuites

 	return config
 }