v2fly · kslr · Jan 1, 2021 · Jan 1, 2021 · kslr · Jan 1, 2021
diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go
@@ -286,13 +286,12 @@ func (c *TLSCertConfig) Build() (*tls.Certificate, error) {
 }
 
 type TLSConfig struct {
-	Insecure                 bool             `json:"allowInsecure"`
-	InsecureCiphers          bool             `json:"allowInsecureCiphers"`
-	Certs                    []*TLSCertConfig `json:"certificates"`
-	ServerName               string           `json:"serverName"`
-	ALPN                     *StringList      `json:"alpn"`
-	DisableSessionResumption bool             `json:"disableSessionResumption"`
-	DisableSystemRoot        bool             `json:"disableSystemRoot"`
+	Insecure                bool             `json:"allowInsecure"`
+	Certs                   []*TLSCertConfig `json:"certificates"`
+	ServerName              string           `json:"serverName"`
+	ALPN                    *StringList      `json:"alpn"`
+	EnableSessionResumption bool             `json:"enableSessionResumption"`
+	DisableSystemRoot       bool             `json:"disableSystemRoot"`
 }
 
 // Build implements Buildable.
@@ -308,14 +307,13 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 	}
 	serverName := c.ServerName
 	config.AllowInsecure = c.Insecure
-	config.AllowInsecureCiphers = c.InsecureCiphers
 	if len(c.ServerName) > 0 {
 		config.ServerName = serverName
 	}
 	if c.ALPN != nil && len(*c.ALPN) > 0 {
 		config.NextProtocol = []string(*c.ALPN)
 	}
-	config.DisableSessionResumption = c.DisableSessionResumption
+	config.EnableSessionResumption = c.EnableSessionResumption
 	config.DisableSystemRoot = c.DisableSystemRoot
 	return config, nil
 }

diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go
@@ -192,7 +192,7 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 		RootCAs:                root,
 		InsecureSkipVerify:     c.AllowInsecure,
 		NextProtos:             c.NextProtocol,
-		SessionTicketsDisabled: c.DisableSessionResumption,
+		SessionTicketsDisabled: !c.EnableSessionResumption,
 	}
 
 	for _, opt := range opts {

diff --git a/transport/internet/tls/config.pb.go b/transport/internet/tls/config.pb.go
diff --git a/transport/internet/tls/config.proto b/transport/internet/tls/config.proto
@@ -26,9 +26,6 @@ message Config {
   // Whether or not to allow self-signed certificates.
   bool allow_insecure = 1;
 
-  // Whether or not to allow insecure cipher suites.
-  bool allow_insecure_ciphers = 5;
-
   // List of certificates to be served on server.
   repeated Certificate certificate = 2;
 
@@ -38,10 +35,10 @@ message Config {
   // Lists of string as ALPN values.
   repeated string next_protocol = 4;
 
-  // Whether or not to disable session (ticket) resumption.
-  bool disable_session_resumption = 6;
+  // Whether or not to enable session (ticket) resumption.
+  bool enable_session_resumption = 5;
 
   // If true, root certificates on the system will not be loaded for
   // verification.
-  bool disable_system_root = 7;
+  bool disable_system_root = 6;
 }
diff --git a/transport/internet/tls/config_test.go b/transport/internet/tls/config_test.go
@@ -64,9 +64,7 @@ func TestExpiredCertificate(t *testing.T) {
 }
 
 func TestInsecureCertificates(t *testing.T) {
-	c := &Config{
-		AllowInsecureCiphers: true,
-	}
+	c := &Config{}
 
 	tlsConfig := c.GetTLSConfig()
 	if len(tlsConfig.CipherSuites) > 0 {