fix(classes.portproxy.ts): Adjust TLS keep-alive timeout to refresh certificate context.

2025-03-10 14:15:03 +00:00 · 2025-03-10 14:15:03 +00:00 · 8d3b07b1e6
commit 8d3b07b1e6
parent 51fe935f1f
3 changed files with 16 additions and 9 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,11 @@
 # Changelog

+## 2025-03-10 - 3.30.2 - fix(classes.portproxy.ts)
+Adjust TLS keep-alive timeout to refresh certificate context.
+
+- Modified TLS keep-alive timeout for connections to 8 hours to refresh certificate context.
+- Updated timeout log messages for clarity on TLS certificate refresh.
+
 ## 2025-03-10 - 3.30.1 - fix(PortProxy)
 Improve TLS keep-alive management and fix whitespace formatting

--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.30.1',
+  version: '3.30.2',
  description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
 }
--- a/ts/classes.portproxy.ts
+++ b/ts/classes.portproxy.ts
@ -878,22 +878,23 @@ export class PortProxy {
        }
        // No cleanup timer for immortal connections
      }
-      // For TLS keep-alive connections, use a very extended timeout
+      // For TLS keep-alive connections, use a moderately extended timeout
+      // but not too long to prevent certificate issues
      else if (record.hasKeepAlive && record.isTLS) {
-        // For TLS keep-alive connections, use a very extended timeout
-        // This helps prevent certificate errors after sleep/wake cycles
-        const tlsKeepAliveTimeout = 14 * 24 * 60 * 60 * 1000; // 14 days for TLS keep-alive
+        // Use a shorter timeout for TLS connections to ensure certificate contexts are refreshed periodically
+        // This prevents issues with stale certificates in browser tabs that have been idle for a long time
+        const tlsKeepAliveTimeout = 8 * 60 * 60 * 1000; // 8 hours for TLS keep-alive - reduced from 14 days
        const safeTimeout = ensureSafeTimeout(tlsKeepAliveTimeout);

        record.cleanupTimer = setTimeout(() => {
          console.log(
            `[${connectionId}] TLS keep-alive connection from ${
              record.remoteIP
-            } exceeded extended lifetime (${plugins.prettyMs(
+            } exceeded max lifetime (${plugins.prettyMs(
              tlsKeepAliveTimeout
-            )}), forcing cleanup.`
+            )}), forcing cleanup to refresh certificate context.`
          );
-          this.initiateCleanupOnce(record, 'tls_extended_lifetime');
+          this.initiateCleanupOnce(record, 'tls_certificate_refresh');
        }, safeTimeout);

        // Make sure timeout doesn't keep the process alive
@ -903,7 +904,7 @@ export class PortProxy {

        if (this.settings.enableDetailedLogging) {
          console.log(
-            `[${connectionId}] TLS keep-alive connection with enhanced protection, lifetime: ${plugins.prettyMs(
+            `[${connectionId}] TLS keep-alive connection with certificate refresh protection, lifetime: ${plugins.prettyMs(
              tlsKeepAliveTimeout
            )}`
          );