diff --git a/client/service.go b/client/service.go
index b9451926..d5755400 100644
--- a/client/service.go
+++ b/client/service.go
@@ -293,6 +293,8 @@ func (svr *Service) ReloadConf(pxyCfgs map[string]config.ProxyConf, visitorCfgs
 
 func (svr *Service) Close() {
 	atomic.StoreUint32(&svr.exit, 1)
-	svr.ctl.Close()
+	if svr.ctl != nil {
+		svr.ctl.Close()
+	}
 	svr.cancel()
 }
diff --git a/test/e2e/basic/client_server.go b/test/e2e/basic/client_server.go
index 3bad04ec..5fb755db 100644
--- a/test/e2e/basic/client_server.go
+++ b/test/e2e/basic/client_server.go
@@ -2,6 +2,7 @@ package basic
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
@@ -75,21 +76,40 @@ var _ = Describe("[Feature: Client-Server]", func() {
 	})
 
 	Describe("Authentication", func() {
-		func() {
-			configures := &generalTestConfigures{
-				server: "token = 123456",
-				client: "token = 123456",
-			}
-			defineClientServerTest("Token Correct", f, configures)
-		}()
+		defineClientServerTest("Token Correct", f, &generalTestConfigures{
+			server: "token = 123456",
+			client: "token = 123456",
+		})
 
-		func() {
-			configures := &generalTestConfigures{
-				server:      "token = 123456",
-				client:      "token = invalid",
-				expectError: true,
-			}
-			defineClientServerTest("Token Incorrect", f, configures)
-		}()
+		defineClientServerTest("Token Incorrect", f, &generalTestConfigures{
+			server:      "token = 123456",
+			client:      "token = invalid",
+			expectError: true,
+		})
+	})
+
+	Describe("TLS", func() {
+		supportProtocols := []string{"tcp", "kcp", "websocket"}
+		for _, protocol := range supportProtocols {
+			tmp := protocol
+			defineClientServerTest("TLS over "+strings.ToUpper(tmp), f, &generalTestConfigures{
+				server: fmt.Sprintf(`
+				kcp_bind_port = {{ .%s }}
+				protocol = %s
+				`, consts.PortServerName, protocol),
+				client: fmt.Sprintf(`tls_enable = true
+				protocol = %s
+				`, protocol),
+			})
+		}
+
+		defineClientServerTest("enable tls_only, client with TLS", f, &generalTestConfigures{
+			server: "tls_only = true",
+			client: "tls_enable = true",
+		})
+		defineClientServerTest("enable tls_only, client without TLS", f, &generalTestConfigures{
+			server:      "tls_only = true",
+			expectError: true,
+		})
 	})
 })
diff --git a/tests/ci/auth_test.go b/tests/ci/auth_test.go
deleted file mode 100644
index 35f771f4..00000000
--- a/tests/ci/auth_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package ci
-
-import (
-	"os"
-	"testing"
-	"time"
-
-	"github.com/fatedier/frp/tests/config"
-	"github.com/fatedier/frp/tests/consts"
-	"github.com/fatedier/frp/tests/util"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const FRPS_TOKEN_TCP_CONF = `
-[common]
-bind_addr = 0.0.0.0
-bind_port = 20000
-log_file = console
-log_level = debug
-authentication_method = token
-token = 123456
-`
-
-const FRPC_TOKEN_TCP_CONF = `
-[common]
-server_addr = 127.0.0.1
-server_port = 20000
-log_file = console
-log_level = debug
-authentication_method = token
-token = 123456
-protocol = tcp
-
-[tcp]
-type = tcp
-local_port = 10701
-remote_port = 20801
-`
-
-func TestTCPWithTokenAuthentication(t *testing.T) {
-	assert := assert.New(t)
-	frpsCfgPath, err := config.GenerateConfigFile(consts.FRPS_NORMAL_CONFIG, FRPS_TOKEN_TCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpsCfgPath)
-	}
-
-	frpcCfgPath, err := config.GenerateConfigFile(consts.FRPC_NORMAL_CONFIG, FRPC_TOKEN_TCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpcCfgPath)
-	}
-
-	frpsProcess := util.NewProcess(consts.FRPS_BIN_PATH, []string{"-c", frpsCfgPath})
-	err = frpsProcess.Start()
-	if assert.NoError(err) {
-		defer frpsProcess.Stop()
-	}
-
-	time.Sleep(200 * time.Millisecond)
-
-	frpcProcess := util.NewProcess(consts.FRPC_BIN_PATH, []string{"-c", frpcCfgPath})
-	err = frpcProcess.Start()
-	if assert.NoError(err) {
-		defer frpcProcess.Stop()
-	}
-	time.Sleep(500 * time.Millisecond)
-
-	// test tcp
-	res, err := util.SendTCPMsg("127.0.0.1:20801", consts.TEST_TCP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_TCP_ECHO_STR, res)
-}
diff --git a/tests/ci/normal_test.go b/tests/ci/normal_test.go
index 179b082a..e9e34945 100644
--- a/tests/ci/normal_test.go
+++ b/tests/ci/normal_test.go
@@ -61,73 +61,6 @@ func TestMain(m *testing.M) {
 	os.Exit(exitCode)
 }
 
-func TestTCP(t *testing.T) {
-	assert := assert.New(t)
-	// Normal
-	addr := fmt.Sprintf("127.0.0.1:%d", consts.TEST_TCP_FRP_PORT)
-	res, err := util.SendTCPMsg(addr, consts.TEST_TCP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_TCP_ECHO_STR, res)
-
-	// Encrytion and compression
-	addr = fmt.Sprintf("127.0.0.1:%d", consts.TEST_TCP_EC_FRP_PORT)
-	res, err = util.SendTCPMsg(addr, consts.TEST_TCP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_TCP_ECHO_STR, res)
-}
-
-func TestUDP(t *testing.T) {
-	assert := assert.New(t)
-	// Normal
-	addr := fmt.Sprintf("127.0.0.1:%d", consts.TEST_UDP_FRP_PORT)
-	res, err := util.SendUDPMsg(addr, consts.TEST_UDP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_UDP_ECHO_STR, res)
-
-	// Encrytion and compression
-	addr = fmt.Sprintf("127.0.0.1:%d", consts.TEST_UDP_EC_FRP_PORT)
-	res, err = util.SendUDPMsg(addr, consts.TEST_UDP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_UDP_ECHO_STR, res)
-}
-
-func TestUnixDomain(t *testing.T) {
-	assert := assert.New(t)
-	// Normal
-	addr := fmt.Sprintf("127.0.0.1:%d", consts.TEST_UNIX_DOMAIN_FRP_PORT)
-	res, err := util.SendTCPMsg(addr, consts.TEST_UNIX_DOMAIN_STR)
-	if assert.NoError(err) {
-		assert.Equal(consts.TEST_UNIX_DOMAIN_STR, res)
-	}
-}
-
-func TestSTCP(t *testing.T) {
-	assert := assert.New(t)
-	// Normal
-	addr := fmt.Sprintf("127.0.0.1:%d", consts.TEST_STCP_FRP_PORT)
-	res, err := util.SendTCPMsg(addr, consts.TEST_STCP_ECHO_STR)
-	if assert.NoError(err) {
-		assert.Equal(consts.TEST_STCP_ECHO_STR, res)
-	}
-
-	// Encrytion and compression
-	addr = fmt.Sprintf("127.0.0.1:%d", consts.TEST_STCP_EC_FRP_PORT)
-	res, err = util.SendTCPMsg(addr, consts.TEST_STCP_ECHO_STR)
-	if assert.NoError(err) {
-		assert.Equal(consts.TEST_STCP_ECHO_STR, res)
-	}
-}
-
-func TestSUDP(t *testing.T) {
-	assert := assert.New(t)
-	// Normal
-	addr := fmt.Sprintf("127.0.0.1:%d", consts.TEST_SUDP_FRP_PORT)
-	res, err := util.SendUDPMsg(addr, consts.TEST_SUDP_ECHO_STR)
-
-	assert.NoError(err)
-	assert.Equal(consts.TEST_SUDP_ECHO_STR, res)
-}
-
 func TestHTTP(t *testing.T) {
 	assert := assert.New(t)
 	// web01
diff --git a/tests/ci/tls_test.go b/tests/ci/tls_test.go
deleted file mode 100644
index becfc51b..00000000
--- a/tests/ci/tls_test.go
+++ /dev/null
@@ -1,280 +0,0 @@
-package ci
-
-import (
-	"os"
-	"testing"
-	"time"
-
-	"github.com/fatedier/frp/tests/config"
-	"github.com/fatedier/frp/tests/consts"
-	"github.com/fatedier/frp/tests/util"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const FRPS_TLS_TCP_CONF = `
-[common]
-bind_addr = 0.0.0.0
-bind_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-`
-
-const FRPC_TLS_TCP_CONF = `
-[common]
-server_addr = 127.0.0.1
-server_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-protocol = tcp
-tls_enable = true
-
-[tcp]
-type = tcp
-local_port = 10701
-remote_port = 20801
-`
-
-func TestTLSOverTCP(t *testing.T) {
-	assert := assert.New(t)
-	frpsCfgPath, err := config.GenerateConfigFile(consts.FRPS_NORMAL_CONFIG, FRPS_TLS_TCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpsCfgPath)
-	}
-
-	frpcCfgPath, err := config.GenerateConfigFile(consts.FRPC_NORMAL_CONFIG, FRPC_TLS_TCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpcCfgPath)
-	}
-
-	frpsProcess := util.NewProcess(consts.FRPS_BIN_PATH, []string{"-c", frpsCfgPath})
-	err = frpsProcess.Start()
-	if assert.NoError(err) {
-		defer frpsProcess.Stop()
-	}
-
-	time.Sleep(200 * time.Millisecond)
-
-	frpcProcess := util.NewProcess(consts.FRPC_BIN_PATH, []string{"-c", frpcCfgPath})
-	err = frpcProcess.Start()
-	if assert.NoError(err) {
-		defer frpcProcess.Stop()
-	}
-	time.Sleep(500 * time.Millisecond)
-
-	// test tcp
-	res, err := util.SendTCPMsg("127.0.0.1:20801", consts.TEST_TCP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_TCP_ECHO_STR, res)
-}
-
-const FRPS_TLS_KCP_CONF = `
-[common]
-bind_addr = 0.0.0.0
-bind_port = 20000
-kcp_bind_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-`
-
-const FRPC_TLS_KCP_CONF = `
-[common]
-server_addr = 127.0.0.1
-server_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-protocol = kcp
-tls_enable = true
-
-[tcp]
-type = tcp
-local_port = 10701
-remote_port = 20801
-`
-
-func TestTLSOverKCP(t *testing.T) {
-	assert := assert.New(t)
-	frpsCfgPath, err := config.GenerateConfigFile(consts.FRPS_NORMAL_CONFIG, FRPS_TLS_KCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpsCfgPath)
-	}
-
-	frpcCfgPath, err := config.GenerateConfigFile(consts.FRPC_NORMAL_CONFIG, FRPC_TLS_KCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpcCfgPath)
-	}
-
-	frpsProcess := util.NewProcess(consts.FRPS_BIN_PATH, []string{"-c", frpsCfgPath})
-	err = frpsProcess.Start()
-	if assert.NoError(err) {
-		defer frpsProcess.Stop()
-	}
-
-	time.Sleep(200 * time.Millisecond)
-
-	frpcProcess := util.NewProcess(consts.FRPC_BIN_PATH, []string{"-c", frpcCfgPath})
-	err = frpcProcess.Start()
-	if assert.NoError(err) {
-		defer frpcProcess.Stop()
-	}
-	time.Sleep(500 * time.Millisecond)
-
-	// test tcp
-	res, err := util.SendTCPMsg("127.0.0.1:20801", consts.TEST_TCP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_TCP_ECHO_STR, res)
-}
-
-const FRPS_TLS_WS_CONF = `
-[common]
-bind_addr = 0.0.0.0
-bind_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-`
-
-const FRPC_TLS_WS_CONF = `
-[common]
-server_addr = 127.0.0.1
-server_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-protocol = websocket
-tls_enable = true
-
-[tcp]
-type = tcp
-local_port = 10701
-remote_port = 20801
-`
-
-func TestTLSOverWebsocket(t *testing.T) {
-	assert := assert.New(t)
-	frpsCfgPath, err := config.GenerateConfigFile(consts.FRPS_NORMAL_CONFIG, FRPS_TLS_WS_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpsCfgPath)
-	}
-
-	frpcCfgPath, err := config.GenerateConfigFile(consts.FRPC_NORMAL_CONFIG, FRPC_TLS_WS_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpcCfgPath)
-	}
-
-	frpsProcess := util.NewProcess(consts.FRPS_BIN_PATH, []string{"-c", frpsCfgPath})
-	err = frpsProcess.Start()
-	if assert.NoError(err) {
-		defer frpsProcess.Stop()
-	}
-
-	time.Sleep(200 * time.Millisecond)
-
-	frpcProcess := util.NewProcess(consts.FRPC_BIN_PATH, []string{"-c", frpcCfgPath})
-	err = frpcProcess.Start()
-	if assert.NoError(err) {
-		defer frpcProcess.Stop()
-	}
-	time.Sleep(500 * time.Millisecond)
-
-	// test tcp
-	res, err := util.SendTCPMsg("127.0.0.1:20801", consts.TEST_TCP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_TCP_ECHO_STR, res)
-}
-
-const FRPS_TLS_ONLY_TCP_CONF = `
-[common]
-bind_addr = 0.0.0.0
-bind_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-tls_only = true
-`
-
-const FRPC_TLS_ONLY_TCP_CONF = `
-[common]
-server_addr = 127.0.0.1
-server_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-protocol = tcp
-tls_enable = true
-
-[tcp]
-type = tcp
-local_port = 10701
-remote_port = 20801
-`
-
-const FRPC_TLS_ONLY_NO_TLS_TCP_CONF = `
-[common]
-server_addr = 127.0.0.1
-server_port = 20000
-log_file = console
-log_level = debug
-token = 123456
-protocol = tcp
-tls_enable = false
-
-[tcp]
-type = tcp
-local_port = 10701
-remote_port = 20802
-`
-
-func TestTLSOnlyOverTCP(t *testing.T) {
-	assert := assert.New(t)
-	frpsCfgPath, err := config.GenerateConfigFile(consts.FRPS_NORMAL_CONFIG, FRPS_TLS_ONLY_TCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpsCfgPath)
-	}
-
-	frpcWithTLSCfgPath, err := config.GenerateConfigFile(consts.FRPC_NORMAL_CONFIG, FRPC_TLS_ONLY_TCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpcWithTLSCfgPath)
-	}
-
-	frpsProcess := util.NewProcess(consts.FRPS_BIN_PATH, []string{"-c", frpsCfgPath})
-	err = frpsProcess.Start()
-	if assert.NoError(err) {
-		defer frpsProcess.Stop()
-	}
-
-	time.Sleep(200 * time.Millisecond)
-
-	frpcProcessWithTLS := util.NewProcess(consts.FRPC_BIN_PATH, []string{"-c", frpcWithTLSCfgPath})
-	err = frpcProcessWithTLS.Start()
-	if assert.NoError(err) {
-		defer frpcProcessWithTLS.Stop()
-	}
-	time.Sleep(500 * time.Millisecond)
-
-	// test tcp over TLS
-	res, err := util.SendTCPMsg("127.0.0.1:20801", consts.TEST_TCP_ECHO_STR)
-	assert.NoError(err)
-	assert.Equal(consts.TEST_TCP_ECHO_STR, res)
-	frpcProcessWithTLS.Stop()
-
-	frpcWithoutTLSCfgPath, err := config.GenerateConfigFile(consts.FRPC_NORMAL_CONFIG, FRPC_TLS_ONLY_NO_TLS_TCP_CONF)
-	if assert.NoError(err) {
-		defer os.Remove(frpcWithTLSCfgPath)
-	}
-
-	frpcProcessWithoutTLS := util.NewProcess(consts.FRPC_BIN_PATH, []string{"-c", frpcWithoutTLSCfgPath})
-	err = frpcProcessWithoutTLS.Start()
-	if assert.NoError(err) {
-		defer frpcProcessWithoutTLS.Stop()
-	}
-	time.Sleep(500 * time.Millisecond)
-
-	// test tcp without TLS
-	_, err = util.SendTCPMsg("127.0.0.1:20802", consts.TEST_TCP_ECHO_STR)
-	assert.Error(err)
-}