push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(PortProxy): Improve TLS renegotiation handling in PortProxy by validating the new SNI against allowed domain configurations. If the new SNI is permitted based on existing IP rules, update the locked domain to allow connection reuse; otherwise, terminate the connection to prevent misrouting.

Browse Source
This commit is contained in:
Philipp Kunz
2025-03-11 02:18:56 +00:00
parent bffdaffe39
commit 74fdb58f84
3 changed files with 44 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
changelog.md
View File

@ -1,5 +1,11 @@
# Changelog
## 2025-03-11 - 3.30.6 - fix(PortProxy)
Improve TLS renegotiation handling in PortProxy by validating the new SNI against allowed domain configurations. If the new SNI is permitted based on existing IP rules, update the locked domain to allow connection reuse; otherwise, terminate the connection to prevent misrouting.
- Added logic to check if a new SNI during renegotiation is allowed by comparing IP rules from the matching domain configuration.
- Updated detailed logging to indicate when a valid SNI change is accepted and when it results in a mismatch termination.
## 2025-03-10 - 3.30.5 - fix(internal)
No uncommitted changes detected; project files and tests remain unchanged.