fix(TLS/SNI): Improve TLS session resumption handling and logging. Now, session resumption attempts are always logged with details, and connections without a proper SNI are rejected when allowSessionTicket is disabled. In addition, empty SNI extensions are explicitly treated as missing, ensuring stricter and more consistent TLS handshake validation.

ts/classes.snihandler.ts

@@ -410,8 +410,13 @@ export class SniHandler {
                   pos += 2;
                   
                   if (extensionType === this.TLS_SNI_EXTENSION_TYPE) {
-                    hasSNI = true;
-                    log('Found SNI extension');
+                    // Check that the SNI extension actually has content
+                    if (extensionLength > 0) {
+                      hasSNI = true;
+                      log('Found SNI extension with length: ' + extensionLength);
+                    } else {
+                      log('Found empty SNI extension, treating as no SNI');
+                    }
                     break;
                   }
                   
@@ -438,6 +443,15 @@ export class SniHandler {
       }
       
       // Return an object with both flags
+      // For clarity: connections should be blocked if they have session resumption without SNI
+      if (isResumption) {
+        log(`Resumption summary - hasSNI: ${hasSNI ? 'yes' : 'no'}, resumption type: ${
+          hasSessionTicket ? 'session ticket, ' : ''
+        }${hasPSK ? 'PSK, ' : ''}${hasEarlyData ? 'early data, ' : ''}${
+          hasNonEmptySessionId ? 'session ID' : ''
+        }`);
+      }
+      
       return { 
         isResumption, 
         hasSNI