diff --git a/adapter/outbound/hysteria.go b/adapter/outbound/hysteria.go
index 84058da6..24ea565b 100644
--- a/adapter/outbound/hysteria.go
+++ b/adapter/outbound/hysteria.go
@@ -160,14 +160,16 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) {
 serverName = option.SNI
 }

- tlsConfig := &tls.Config{
- ServerName: serverName,
- InsecureSkipVerify: option.SkipCertVerify,
- MinVersion: tls.VersionTLS13,
- }
-
- var err error
- tlsConfig, err = ca.GetTLSConfig(ca.Option{TLSConfig: tlsConfig, Fingerprint: option.Fingerprint, CustomCA: option.CustomCA, CustomCAString: option.CustomCAString})
+ tlsConfig, err := ca.GetTLSConfig(ca.Option{
+ TLSConfig: &tls.Config{
+ ServerName: serverName,
+ InsecureSkipVerify: option.SkipCertVerify,
+ MinVersion: tls.VersionTLS13,
+ },
+ Fingerprint: option.Fingerprint,
+ CustomCA: option.CustomCA,
+ CustomCAString: option.CustomCAString,
+ })
 if err != nil {
 return nil, err
 }
diff --git a/adapter/outbound/hysteria2.go b/adapter/outbound/hysteria2.go
index 9e476cb4..1ab66837 100644
--- a/adapter/outbound/hysteria2.go
+++ b/adapter/outbound/hysteria2.go
@@ -141,14 +141,16 @@ func NewHysteria2(option Hysteria2Option) (*Hysteria2, error) {
 serverName = option.SNI
 }

- tlsConfig := &tls.Config{
- ServerName: serverName,
- InsecureSkipVerify: option.SkipCertVerify,
- MinVersion: tls.VersionTLS13,
- }
-
- var err error
- tlsConfig, err = ca.GetTLSConfig(ca.Option{TLSConfig: tlsConfig, Fingerprint: option.Fingerprint, CustomCA: option.CustomCA, CustomCAString: option.CustomCAString})
+ tlsConfig, err := ca.GetTLSConfig(ca.Option{
+ TLSConfig: &tls.Config{
+ ServerName: serverName,
+ InsecureSkipVerify: option.SkipCertVerify,
+ MinVersion: tls.VersionTLS13,
+ },
+ Fingerprint: option.Fingerprint,
+ CustomCA: option.CustomCA,
+ CustomCAString: option.CustomCAString,
+ })
 if err != nil {
 return nil, err
 }
diff --git a/adapter/outbound/tuic.go b/adapter/outbound/tuic.go
index 8b2c9ac5..5b97b990 100644
--- a/adapter/outbound/tuic.go
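Review bot: The literal passed to `ca.GetTLSConfig` in NewHysteria sets `InsecureSkipVerify: option.SkipCertVerify` next to `Fingerprint` and `CustomCA` without saying which one wins when several are configured, and how the helper combines them is not visible in this hunk. A comment above the call would help, for example `// SkipCertVerify turns off chain and hostname checks; whether Fingerprint still pins the peer is decided in ca.GetTLSConfig`. The same ten-line literal is repeated in the hysteria2.go and tuic.go hunks, so a small shared helper would keep the three adapters from drifting apart on TLS settings. NewHysteria starts and ends outside the hunk.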
+++ b/adapter/outbound/tuic.go
@@ -161,17 +161,20 @@ func (t *Tuic) ProxyInfo() C.ProxyInfo {
 func NewTuic(option TuicOption) (*Tuic, error) {
 addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
 serverName := option.Server
- tlsConfig := &tls.Config{
- ServerName: serverName,
- InsecureSkipVerify: option.SkipCertVerify,
- MinVersion: tls.VersionTLS13,
- }
 if option.SNI != "" {
- tlsConfig.ServerName = option.SNI
+ serverName = option.SNI
 }

- var err error
- tlsConfig, err = ca.GetTLSConfig(ca.Option{TLSConfig: tlsConfig, Fingerprint: option.Fingerprint, CustomCA: option.CustomCA, CustomCAString: option.CustomCAString})
+ tlsConfig, err := ca.GetTLSConfig(ca.Option{
+ TLSConfig: &tls.Config{
+ ServerName: serverName,
+ InsecureSkipVerify: option.SkipCertVerify,
+ MinVersion: tls.VersionTLS13,
+ },
+ Fingerprint: option.Fingerprint,
+ CustomCA: option.CustomCA,
+ CustomCAString: option.CustomCAString,
+ })
 if err != nil {
 return nil, err
 }
diff --git a/dns/client.go b/dns/client.go
index c2373b48..cc07f7ef 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -48,7 +48,9 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)
 network = "tcp"
 }

- tlsConfig, err := ca.GetTLSConfig(ca.Option{TLSConfig: c.Client.TLSConfig})
+ tlsConfig, err := ca.GetTLSConfig(ca.Option{
+ TLSConfig: c.Client.TLSConfig,
+ })
 if err != nil {
 return nil, err
 }
diff --git a/dns/doh.go b/dns/doh.go
index bae5c648..29be78b2 100644
--- a/dns/doh.go
+++ b/dns/doh.go
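Review bot: In the tuic.go hunk the SNI override now rewrites the local `serverName` (`serverName = option.SNI`), whereas the old code changed only `tlsConfig.ServerName` and left `serverName` equal to `option.Server`. The TLS config ends up the same, but any later use of `serverName` in NewTuic, which continues past the end of this hunk, would now see the SNI value instead of the server host. If such a use exists, keep the two apart, e.g. a separate `sni := serverName` that the override assigns and the literal reads; otherwise a short comment such as `// serverName is only used for the TLS handshake below` would record the assumption.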
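Review bot: In the dns/client.go hunk, ExchangeContext hands the shared `c.Client.TLSConfig` pointer to `ca.GetTLSConfig` on every exchange, and the hunk does not show whether the helper copies the config before adjusting it. If it modifies the struct in place, concurrent exchanges on the same client would race on the TLS settings; passing `TLSConfig: c.Client.TLSConfig.Clone(),` rules that out (Clone on a nil `*tls.Config` returns nil). If the helper already clones, a comment saying so at this call site would save the next reader the lookup. ExchangeContext starts and ends outside the hunk.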
@@ -397,11 +397,13 @@ func (doh *dnsOverHTTPS) createTransport(ctx context.Context) (t http.RoundTripp
 return transport, nil
 }

- tlsConfig, err := ca.GetTLSConfig(ca.Option{TLSConfig: &tls.Config{
- InsecureSkipVerify: doh.skipCertVerify,
- MinVersion: tls.VersionTLS12,
- SessionTicketsDisabled: false,
- }})
+ tlsConfig, err := ca.GetTLSConfig(ca.Option{
+ TLSConfig: &tls.Config{
+ InsecureSkipVerify: doh.skipCertVerify,
+ MinVersion: tls.VersionTLS12,
+ SessionTicketsDisabled: false,
+ },
+ })
 if err != nil {
 return nil, err
 }
diff --git a/dns/doq.go b/dns/doq.go
index 4d6c7147..6861bd4d 100644
--- a/dns/doq.go
+++ b/dns/doq.go
@@ -331,14 +331,16 @@ func (doq *dnsOverQUIC) openConnection(ctx context.Context) (conn *quic.Conn, er
 return nil, err
 }

- tlsConfig, err := ca.GetTLSConfig(ca.Option{TLSConfig: &tls.Config{
- ServerName: host,
- InsecureSkipVerify: doq.skipCertVerify,
- NextProtos: []string{
- NextProtoDQ,
+ tlsConfig, err := ca.GetTLSConfig(ca.Option{
+ TLSConfig: &tls.Config{
+ ServerName: host,
+ InsecureSkipVerify: doq.skipCertVerify,
+ NextProtos: []string{
+ NextProtoDQ,
+ },
+ SessionTicketsDisabled: false,
 },
- SessionTicketsDisabled: false,
- }})
+ })
 if err != nil {
 return nil, err
 }
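Review bot: `SessionTicketsDisabled: false` in the createTransport literal of dns/doh.go is the zero value of the field, so the line has no effect and reads as if resumption were being switched on deliberately. Either drop it or replace it with a comment such as `// session tickets stay enabled so reconnects can resume`. The dns/doq.go hunk carries the same line. createTransport continues outside the hunk.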
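Review bot: The openConnection literal in dns/doq.go sets no `MinVersion`, while the QUIC outbound adapters in this commit pin `tls.VersionTLS13` and dns/doh.go pins `tls.VersionTLS12`. QUIC only runs over TLS 1.3, so the effective floor is presumably the same, but adding `MinVersion: tls.VersionTLS13,` would state it in the config itself and keep the call sites uniform. openConnection starts and ends outside the hunk.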