From e6ac085025afbbae520249a5403cbe03918e8c58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?=
Date: Mon, 13 Dec 2021 14:58:24 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/nodes/listener_base.go | 40 +++++----------------------------
 1 file changed, 6 insertions(+), 34 deletions(-)

diff --git a/internal/nodes/listener_base.go b/internal/nodes/listener_base.go
index 2a89ff0..e29e5eb 100644
--- a/internal/nodes/listener_base.go
+++ b/internal/nodes/listener_base.go
@@ -8,7 +8,6 @@ import (
 "github.com/TeaOSLab/EdgeNode/internal/remotelogs"
 "github.com/iwind/TeaGo/lists"
 "github.com/iwind/TeaGo/types"
- "golang.org/x/net/http2"
 )

 type BaseListener struct {
@@ -35,48 +34,21 @@ func (this *BaseListener) CountActiveListeners() int {
 func (this *BaseListener) buildTLSConfig() *tls.Config {
 return &tls.Config{
 Certificates: nil,
- GetConfigForClient: func(info *tls.ClientHelloInfo) (config *tls.Config, e error) {
- ssl, _, err := this.matchSSL(info.ServerName)
+ GetConfigForClient: func(configInfo *tls.ClientHelloInfo) (config *tls.Config, e error) {
+ ssl, _, err := this.matchSSL(configInfo.ServerName)
 if err != nil {
 return nil, err
 }
- cipherSuites := ssl.TLSCipherSuites()
- if !ssl.CipherSuitesIsOn || len(cipherSuites) == 0 {
- cipherSuites = nil
- }
-
- nextProto := []string{}
- if ssl.HTTP2Enabled {
- nextProto = []string{http2.NextProtoTLS}
- }
- return &tls.Config{
- Certificates: nil,
- MinVersion: ssl.TLSMinVersion(),
- CipherSuites: cipherSuites,
- GetCertificate: func(info *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) {
- _, cert, err := this.matchSSL(info.ServerName)
- if err != nil {
- return nil, err
- }
- if cert == nil {
- return nil, errors.New("no ssl certs found for '" + info.ServerName + "'")
- }
- return cert, nil
- },
- ClientAuth: sslconfigs.GoSSLClientAuthType(ssl.ClientAuthType),
- ClientCAs: ssl.CAPool(),
-
- NextProtos: nextProto,
- }, nil
+ return ssl.TLSConfig(), nil
 },
- GetCertificate: func(info *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) {
- _, cert, err := this.matchSSL(info.ServerName)
+ GetCertificate: func(certInfo *tls.ClientHelloInfo) (certificate *tls.Certificate, e error) {
+ _, cert, err := this.matchSSL(certInfo.ServerName)
 if err != nil {
 return nil, err
 }
 if cert == nil {
- return nil, errors.New("no ssl certs found for '" + info.ServerName + "'")
+ return nil, errors.New("no ssl certs found for '" + certInfo.ServerName + "'")
 }
 return cert, nil
 },
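Review bot: `return ssl.TLSConfig(), nil` in GetConfigForClient now takes the whole per-connection policy from a method this patch does not show, so nothing visible here confirms that the fields of the removed literal (MinVersion, CipherSuites, ClientAuth, ClientCAs, NextProtos and a GetCertificate callback) are still set. crypto/tls uses a non-nil config returned from GetConfigForClient for that connection instead of the outer one, so the outer GetCertificate is not a fallback, and a TLSConfig() that leaves out ClientAuth or ClientCAs would drop client-certificate enforcement without any error. I would document the contract above the return, e.g. `// ssl.TLSConfig() must set MinVersion, ClientAuth/ClientCAs and a certificate source; the outer GetCertificate is not consulted for this connection`, and cover it with a handshake test for a policy that requires client certificates. `ssl` is also used without a nil check, while the GetCertificate callback treats a nil `cert` with a nil `err` as possible; if matchSSL can return a nil policy the same way, guard it with `if ssl == nil { return nil, errors.New("no ssl policy found for '" + configInfo.ServerName + "'") }`. buildTLSConfig's closing lines are outside the hunk.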