diff --git a/changelog.md b/changelog.md index 0f1a16b..b855f55 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,11 @@ # Changelog +## 2025-02-21 - 3.7.2 - fix(PortProxy) +Improve SNICallback and connection handling in PortProxy + +- Fixed SNICallback to create minimal TLS context for SNI. +- Changed connection setup to use net.connect for raw passthrough. + ## 2025-02-21 - 3.7.1 - fix(smartproxy.portproxy) Optimize SNI handling by simplifying context creation diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts index de84665..7509cca 100644 --- a/ts/00_commitinfo_data.ts +++ b/ts/00_commitinfo_data.ts @@ -3,6 +3,6 @@ */ export const commitinfo = { name: '@push.rocks/smartproxy', - version: '3.7.1', + version: '3.7.2', description: 'a proxy for handling high workloads of proxying' } diff --git a/ts/smartproxy.portproxy.ts b/ts/smartproxy.portproxy.ts index b6725fd..b59f9ab 100644 --- a/ts/smartproxy.portproxy.ts +++ b/ts/smartproxy.portproxy.ts @@ -70,12 +70,14 @@ export class PortProxy { const server = this.settings.sniEnabled ? plugins.tls.createServer({ - ...this.settings, SNICallback: (serverName: string, cb: (err: Error | null, ctx?: plugins.tls.SecureContext) => void) => { console.log(`SNI request for domain: ${serverName}`); - // For SNI passthrough, we don't need to create a context - // Just acknowledge the SNI request and continue - cb(null); + // Create a minimal context just to read SNI, we'll pass through the actual TLS + const ctx = plugins.tls.createSecureContext({ + minVersion: 'TLSv1.2', + maxVersion: 'TLSv1.3' + }); + cb(null, ctx); } }) : plugins.net.createServer(); 
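Review bot: The context passed to `cb(null, ctx)` in `SNICallback` carries no key or certificate, so this `tls.createServer` listener has nothing to present and a certificate-based handshake is expected to fail rather than be passed through. A `tls.Server` is a terminating endpoint and does not forward the client's original TLS bytes, so the comment "we'll pass through the actual TLS" describes behaviour this code cannot provide on its own; SNI passthrough normally means reading the server name from the ClientHello on a plain `net` socket and piping the untouched bytes. The `minVersion`/`maxVersion` pair also reads like a protocol policy, but in a passthrough design the backend negotiates the version, so it enforces nothing for the proxied session. If the TLS server is kept for now, build the context once outside the callback instead of per handshake and state its purpose, e.g. `// certificate-less context: exists only so SNICallback can return; it cannot serve traffic`. The 'connection' handler lies outside this hunk, so how `from` is consumed could not be checked.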
@@ -130,7 +132,8 @@ export class PortProxy { connectionOptions.localAddress = remoteIP.replace('::ffff:', ''); // Remove IPv6 mapping if present } - const to = plugins.net.createConnection(connectionOptions); + // If this is a TLS connection, use net.connect to ensure raw passthrough + const to = plugins.net.connect(connectionOptions); console.log(`Connection established: ${remoteIP} -> ${targetHost}:${this.settings.toPort}${serverName ? ` (SNI: ${serverName})` : ''}`); from.setTimeout(120000); from.pipe(to);
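Review bot: The added comment above `const to = plugins.net.connect(connectionOptions);` is misleading: `net.connect` is an alias of `net.createConnection` and the call is unconditional, so this line changes nothing about TLS or passthrough. Whether the backend receives raw TLS bytes depends on what kind of socket `from` is, which is decided where the server is created, outside this hunk. I would drop the comment or replace it with `// plain TCP connection to the target; whatever is read from the client socket is piped as-is`. The "Connection established" log on the following line also runs before the socket's `connect` event, so the log can record a connection that then fails; emitting it from a `connect` listener would keep the audit trail accurate.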