fix(TLS/SNI): Improve TLS session resumption handling and logging. Now, session resumption attempts are always logged with details, and connections without a proper SNI are rejected when allowSessionTicket is disabled. In addition, empty SNI extensions are explicitly treated as missing, ensuring stricter and more consistent TLS handshake validation.
This commit is contained in:
@ -1,5 +1,12 @@
|
||||
# Changelog
|
||||
|
||||
## 2025-03-12 - 3.41.3 - fix(TLS/SNI)
|
||||
Improve TLS session resumption handling and logging. Now, session resumption attempts are always logged with details, and connections without a proper SNI are rejected when allowSessionTicket is disabled. In addition, empty SNI extensions are explicitly treated as missing, ensuring stricter and more consistent TLS handshake validation.
|
||||
|
||||
- Always log session resumption in both renegotiation and initial ClientHello processing.
|
||||
- Terminate connections that attempt session resumption without SNI when allowSessionTicket is false.
|
||||
- Treat empty SNI extensions as absence of SNI to improve consistency in TLS handshake processing.
|
||||
|
||||
## 2025-03-11 - 3.41.2 - fix(SniHandler)
|
||||
Refactor hasSessionResumption to return detailed session resumption info
|
||||
|
||||
|
||||
Reference in New Issue
Block a user