fix(PortProxy): Improve SNICallback and connection handling in PortProxy

2025-02-21 19:56:28 +00:00 · 2025-02-21 19:56:28 +00:00 · 935bd95723
commit 935bd95723
parent 0e33ea4eb5
3 changed files with 15 additions and 6 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,11 @@
 # Changelog

+## 2025-02-21 - 3.7.2 - fix(PortProxy)
+Improve SNICallback and connection handling in PortProxy
+
+- Fixed SNICallback to create minimal TLS context for SNI.
+- Changed connection setup to use net.connect for raw passthrough.
+
 ## 2025-02-21 - 3.7.1 - fix(smartproxy.portproxy)
 Optimize SNI handling by simplifying context creation

--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '3.7.1',
+  version: '3.7.2',
  description: 'a proxy for handling high workloads of proxying'
 }
--- a/ts/smartproxy.portproxy.ts
+++ b/ts/smartproxy.portproxy.ts
@ -70,12 +70,14 @@ export class PortProxy {

    const server = this.settings.sniEnabled
      ? plugins.tls.createServer({
-          ...this.settings,
          SNICallback: (serverName: string, cb: (err: Error | null, ctx?: plugins.tls.SecureContext) => void) => {
            console.log(`SNI request for domain: ${serverName}`);
-            // For SNI passthrough, we don't need to create a context
-            // Just acknowledge the SNI request and continue
-            cb(null);
+            // Create a minimal context just to read SNI, we'll pass through the actual TLS
+            const ctx = plugins.tls.createSecureContext({
+              minVersion: 'TLSv1.2',
+              maxVersion: 'TLSv1.3'
+            });
+            cb(null, ctx);
          }
        })
      : plugins.net.createServer();
@ -130,7 +132,8 @@ export class PortProxy {
        connectionOptions.localAddress = remoteIP.replace('::ffff:', ''); // Remove IPv6 mapping if present
      }

-      const to = plugins.net.createConnection(connectionOptions);
+      // If this is a TLS connection, use net.connect to ensure raw passthrough
+      const to = plugins.net.connect(connectionOptions);
      console.log(`Connection established: ${remoteIP} -> ${targetHost}:${this.settings.toPort}${serverName ? ` (SNI: ${serverName})` : ''}`);
      from.setTimeout(120000);
      from.pipe(to);