fix(tls/sni): Improve logging for TLS session resumption by extracting and logging SNI values from ClientHello messages.

2025-03-12 10:01:54 +00:00
parent 156abbf5b4
commit ab1ec84832
4 changed files with 52 additions and 5 deletions


@@ -945,9 +945,13 @@ export class PortProxy {
if (resumptionInfo.isResumption) {
// Always log resumption attempt for easier debugging
// Try to extract SNI for logging
const extractedSNI = SniHandler.extractSNI(renegChunk, this.settings.enableTlsDebugLogging);
console.log(
`[${connectionId}] Session resumption detected in renegotiation. ` +
`Has SNI: ${resumptionInfo.hasSNI ? 'Yes' : 'No'}, allowSessionTicket: ${this.settings.allowSessionTicket}`
`Has SNI: ${resumptionInfo.hasSNI ? 'Yes' : 'No'}, ` +
`SNI value: ${extractedSNI || 'None'}, ` +
`allowSessionTicket: ${this.settings.allowSessionTicket}`
);
// Block if there's session resumption without SNI
@@ -1585,9 +1589,13 @@ export class PortProxy {
if (resumptionInfo.isResumption) {
// Always log resumption attempt for easier debugging
// Try to extract SNI for logging
const extractedSNI = SniHandler.extractSNI(chunk, this.settings.enableTlsDebugLogging);
console.log(
`[${connectionId}] Session resumption detected in initial ClientHello. ` +
`Has SNI: ${resumptionInfo.hasSNI ? 'Yes' : 'No'}, allowSessionTicket: ${this.settings.allowSessionTicket}`
`Has SNI: ${resumptionInfo.hasSNI ? 'Yes' : 'No'}, ` +
`SNI value: ${extractedSNI || 'None'}, ` +
`allowSessionTicket: ${this.settings.allowSessionTicket}`
);
// Block if there's session resumption without SNI
@@ -1967,9 +1975,13 @@ export class PortProxy {
if (resumptionInfo.isResumption) {
// Always log resumption attempt for easier debugging
// Try to extract SNI for logging
const extractedSNI = SniHandler.extractSNI(chunk, this.settings.enableTlsDebugLogging);
console.log(
`[${connectionId}] Session resumption detected in SNI handler. ` +
`Has SNI: ${resumptionInfo.hasSNI ? 'Yes' : 'No'}, allowSessionTicket: ${this.settings.allowSessionTicket}`
`Has SNI: ${resumptionInfo.hasSNI ? 'Yes' : 'No'}, ` +
`SNI value: ${extractedSNI || 'None'}, ` +
`allowSessionTicket: ${this.settings.allowSessionTicket}`
);
// Block if there's session resumption without SNI
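Review bot: The new `SNI value: ${extractedSNI || 'None'}` line writes a client-supplied hostname into the log verbatim, and the same line appears in all three resumption branches (renegotiation, initial ClientHello, SNI handler). `SniHandler.extractSNI` is not visible here, so unless it already restricts its result to hostname characters, CR/LF or terminal escape bytes in the server_name field would end up in the log and could forge or garble entries; escaping and bounding the value at the log site closes that, e.g. `const sniForLog = extractedSNI ? JSON.stringify(extractedSNI.slice(0, 255)) : 'None';`. The `console.log` is unconditional (the second argument to `extractSNI` appears to control only the extractor's own debug output), so every resumption now re-parses the chunk and records the requested hostname; confirm that is wanted in production logs rather than only under `enableTlsDebugLogging`. The three blocks differ only in the phase label, so one private helper would keep the escaping in a single place. The enclosing methods start and end outside these hunks.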