diff --git a/common/include/tfe_cmsg.h b/common/include/tfe_cmsg.h
index 60f7978..c6dbe5e 100644
--- a/common/include/tfe_cmsg.h
+++ b/common/include/tfe_cmsg.h
@@ -41,13 +41,13 @@ enum tfe_cmsg_tlv_type
 TFE_CMSG_KEYRING_FOR_TRUSTED_ID, // size int
 TFE_CMSG_KEYRING_FOR_UNTRUSTED, // size int
- TFE_CMSG_SSL_INTERCEPT_STATE, //size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
+ TFE_CMSG_SSL_INTERCEPT_STATE, //size uint8_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
 TFE_CMSG_SSL_SERVER_SIDE_LATENCY, //size uint64_t, milisecond
 TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, //size uint64_t, milisecond
 TFE_CMSG_SSL_SERVER_SIDE_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
 TFE_CMSG_SSL_CLIENT_SIDE_VERSION,
- TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
- TFE_CMSG_SSL_CERT_VERIFY,
+ TFE_CMSG_SSL_PINNING_STATE, // size uint8_t, 0-not pinning 1-pinning 2-maybe pinning
+ TFE_CMSG_SSL_CERT_VERIFY, // size uint8_t
 TFE_CMSG_SSL_ERROR, //string
 /* Original Traffic's src & dst MAC address */
diff --git a/platform/src/proxy.cpp b/platform/src/proxy.cpp
index d2fc87b..8ea88d7 100644
--- a/platform/src/proxy.cpp
+++ b/platform/src/proxy.cpp
@@ -194,7 +194,7 @@ int tfe_proxy_fds_accept(struct tfe_proxy *ctx, int fd_downstream, int fd_upstre
 if (unlikely(ctx->tcp_all_passthrough) || tcp_passthrough > 0) {
 bool __true = true;
- uint64_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
+ uint8_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;
 enum tfe_stream_proto __session_type = STREAM_PROTO_PLAIN;
 tfe_stream_option_set(stream, TFE_STREAM_OPT_PASSTHROUGH, &__true, sizeof(__true));
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index 2584b32..9e888b8 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
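Review bot: The comments now declare TFE_CMSG_SSL_INTERCEPT_STATE, TFE_CMSG_SSL_PINNING_STATE and TFE_CMSG_SSL_CERT_VERIFY as one-byte TLVs, but a comment is the only place that width is recorded, and the commit updates only the producers it touches (the passthrough path in proxy.cpp, the pinning and cert-verify writes in ssl_stream.cpp); any other writer still going through ssl_stream_set_cmsg_integer, or any reader that passes a uint64_t buffer to tfe_cmsg_get_value without comparing out_size, will now see a silent width mismatch. Tie the width to a type shared by both sides, e.g. `typedef uint8_t tfe_cmsg_ssl_state_t; /* wire width of the SSL state TLVs */` next to the enum, so the producer's sizeof and the reader's buffer cannot drift apart again. In the proxy.cpp hunk `uint8_t ssl_intercept_status = SSL_ACTION_PASSTHROUGH;` narrows an enum implicitly; `uint8_t ssl_intercept_status = static_cast<uint8_t>(SSL_ACTION_PASSTHROUGH);` makes the intent visible and keeps -Wconversion quiet. The tfe_cmsg_set call that consumes ssl_intercept_status appears to lie below this hunk, so its sizeof argument should be re-checked against the new type.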
@@ -202,7 +202,7 @@ struct ssl_upstream_parts
 int keyring_for_trusted;
 int keyring_for_untrusted;
 struct ssl_chello * client_hello;
- int is_server_cert_verify_passed;
+ uint8_t is_server_cert_verify_passed;
 };
 struct ssl_downstream_parts {
@@ -1082,6 +1082,13 @@ void ssl_stream_set_cmsg_string(struct ssl_stream* stream, enum tfe_cmsg_tlv_typ
 assert(ret==0);
 return;
 }
+static void ssl_stream_set_cmsg_uint8(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, uint8_t value_int)
+{
+ struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
+ UNUSED int ret=tfe_cmsg_set(cmsg, type, (const unsigned char*)&value_int, (uint16_t)sizeof(value_int));
+ assert(ret==0);
+ return;
+}
 static void ssl_stream_set_cmsg_integer(struct ssl_stream* stream, enum tfe_cmsg_tlv_type type, uint64_t value_int)
 {
 struct tfe_cmsg* cmsg=tfe_stream_get0_cmsg(stream->tcp_stream);
@@ -1329,7 +1336,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
 }
 else
 {
- s_upstream->is_server_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
+ s_upstream->is_server_cert_verify_passed = !!ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
 s_stream->ssl, s_stream->up_parts.client_hello->sni, &(s_stream->up_parts.verify_param), error_str, sizeof(error_str), &(s_stream->up_parts.verify_result));
 TFE_LOG_DEBUG(g_default_logger,
@@ -1407,7 +1414,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
 }
 s_stream->negotiated_version=SSL_version(s_stream->ssl);
 ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_SERVER_SIDE_VERSION, SSL_get_version(s_stream->ssl));
- ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
+ ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
 promise_success(p, ctx);
 }
 if(s_stream->error)
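Review bot: ssl_stream_set_cmsg_uint8 duplicates ssl_stream_set_cmsg_integer line for line and, like it, checks the tfe_cmsg_set result only with assert, so in an NDEBUG build a failed write of TFE_CMSG_SSL_CERT_VERIFY or TFE_CMSG_SSL_PINNING_STATE leaves the TLV absent or stale with no trace, and a consumer reading the cert-verify flag acts on a decision that was never recorded. Keep the assert but add an explicit error path, `if (ret != 0) { /* log at error level with the file's TFE_LOG_* macro (only TFE_LOG_DEBUG is visible here) and mark the stream as errored */ }`, so the failure is observable in production. The trailing `return;` in a void function is redundant. A one-line header comment such as `/* Writes value_int as exactly one byte; readers must request sizeof(uint8_t). */` would record the contract the header comments now depend on.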
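Review bot: `!!ssl_trusted_cert_storage_verify_conn(...)` collapses every non-zero return to 1, which is then stored and exported as "certificate verification passed"; if that function follows the X509_verify_cert convention of returning a negative value on internal error (its contract is not visible in this diff), an error would be reported downstream as a successful verification, whereas the old int field at least preserved the distinct value. Compare against the explicit success value instead, `s_upstream->is_server_cert_verify_passed = (ssl_trusted_cert_storage_verify_conn(...) == 1);` (or `> 0` if the function returns a count), and confirm the verify_conn return semantics in its header. ssl_server_connected_eventcb starts and ends outside both hunks that touch it.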
@@ -1453,15 +1460,15 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
 {
 case JA3_PINNING_STATUS_NOT_PINNING:
 ctx->mgr->svc_cache->stat.app_not_pinning_cnt++;
- ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_NOT_PINNING);
+ ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_NOT_PINNING);
 break;
 case JA3_PINNING_STATUS_IS_PINNING:
- ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
+ ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
 break;
 case JA3_PINNING_STATUS_UNKNOWN:
 /* fall through */
 default:
- ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, svc_status->cli_pinning_status);
+ ssl_stream_set_cmsg_uint8(s_stream, TFE_CMSG_SSL_PINNING_STATE, svc_status->cli_pinning_status);
 break;
 }
@@ -2213,7 +2220,7 @@ uint64_t ssl_stream_get_policy_id(struct ssl_stream *upstream)
 uint16_t out_size;
 uint64_t policy_id = 0;
 struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
- int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)policy_id, sizeof(policy_id), &out_size);
+ int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&policy_id, sizeof(policy_id), &out_size);
 assert(ret == 0);
 return policy_id;
@@ -2224,7 +2231,7 @@ int ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream)
 uint16_t out_size;
 int profile_id = 0;
 struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
- int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)profile_id, sizeof(profile_id), &out_size);
+ int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)&profile_id, sizeof(profile_id), &out_size);
 assert(ret == 0);
 return profile_id;
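Review bot: In the default branch the raw `svc_status->cli_pinning_status` is forwarded as the TLV value and the new uint8_t parameter silently truncates it; the header documents TFE_CMSG_SSL_PINNING_STATE as 0/1/2, so a JA3 status enumerator outside that range (or above 255) is exported as a value the reader cannot interpret, and the two explicit cases show that the JA3 and PINNING_ST_* value spaces are not the same. Map the unknown/default case to the PINNING_ST_* constant meaning "maybe pinning" (its name is not visible in this hunk) rather than passing the JA3 status through, or at minimum make the narrowing explicit with `static_cast<uint8_t>(...)` and a comment stating why the ranges are assumed to coincide. The enclosing switch and peek_chello_on_succ continue outside the hunk.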
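Review bot: The `&policy_id` fix is correct — the old code passed the integer's value as a pointer — but the getters still only assert on ret and never look at out_size, so under NDEBUG a missing TLV returns policy_id 0 as if it were a real policy, and a producer writing a different width (exactly what this commit does for other tags) is not detected; the same pattern is in ssl_stream_get_decrypted_profile_id in this hunk and in the two keyring getters in the following hunks. Tighten each to `if (ret != 0 || out_size != sizeof(policy_id)) { /* log and return the documented "no policy" value */ }` with the local variable substituted, and state in a header comment what the return value means when the TLV is absent. Each of these functions begins before its hunk.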
@@ -2235,7 +2242,7 @@ int ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream)
 uint16_t out_size;
 int keyring_id = 0;
 struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
- int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
+ int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
 assert(ret == 0);
 return keyring_id;
@@ -2246,7 +2253,7 @@ int ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream)
 uint16_t out_size;
 int keyring_id = 0;
 struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
- int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)keyring_id, sizeof(keyring_id), &out_size);
+ int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
 assert(ret == 0);
 return keyring_id;