diff --git a/changelog.md b/changelog.md
index 0f1a16b..b855f55 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2025-02-21 - 3.7.2 - fix(PortProxy)
+Improve SNICallback and connection handling in PortProxy
+
+- Fixed SNICallback to create minimal TLS context for SNI.
+- Changed connection setup to use net.connect for raw passthrough.
+
 ## 2025-02-21 - 3.7.1 - fix(smartproxy.portproxy)
 Optimize SNI handling by simplifying context creation
 
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index de84665..7509cca 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '3.7.1',
+  version: '3.7.2',
   description: 'a proxy for handling high workloads of proxying'
 }
diff --git a/ts/smartproxy.portproxy.ts b/ts/smartproxy.portproxy.ts
index b6725fd..b59f9ab 100644
--- a/ts/smartproxy.portproxy.ts
+++ b/ts/smartproxy.portproxy.ts
@@ -70,12 +70,14 @@ export class PortProxy {
 
     const server = this.settings.sniEnabled
       ? plugins.tls.createServer({
-          ...this.settings,
           SNICallback: (serverName: string, cb: (err: Error | null, ctx?: plugins.tls.SecureContext) => void) => {
             console.log(`SNI request for domain: ${serverName}`);
-            // For SNI passthrough, we don't need to create a context
-            // Just acknowledge the SNI request and continue
-            cb(null);
+            // Create a minimal context just to read SNI, we'll pass through the actual TLS
+            const ctx = plugins.tls.createSecureContext({
+              minVersion: 'TLSv1.2',
+              maxVersion: 'TLSv1.3'
+            });
+            cb(null, ctx);
           }
         })
       : plugins.net.createServer();
@@ -130,7 +132,8 @@ export class PortProxy {
         connectionOptions.localAddress = remoteIP.replace('::ffff:', ''); // Remove IPv6 mapping if present
       }
 
-      const to = plugins.net.createConnection(connectionOptions);
+      // If this is a TLS connection, use net.connect to ensure raw passthrough
+      const to = plugins.net.connect(connectionOptions);
       console.log(`Connection established: ${remoteIP} -> ${targetHost}:${this.settings.toPort}${serverName ? ` (SNI: ${serverName})` : ''}`);
       from.setTimeout(120000);
       from.pipe(to);