fix(portproxy): Enforce TLS handshake and SNI validation on port 443 by blocking non-TLS connections and terminating session resumption attempts without SNI when allowSessionTicket is disabled.
This commit is contained in:
@ -1,5 +1,13 @@
|
||||
# Changelog
|
||||
|
||||
## 2025-03-12 - 3.41.5 - fix(portproxy)
|
||||
Enforce TLS handshake and SNI validation on port 443 by blocking non-TLS connections and terminating session resumption attempts without SNI when allowSessionTicket is disabled.
|
||||
|
||||
- Added explicit check to block non-TLS connections on port 443 to ensure proper TLS usage.
|
||||
- Enhanced logging for TLS ClientHello to include details on SNI extraction and session resumption status.
|
||||
- Terminate connections with missing SNI by setting termination reasons ('session_ticket_blocked' or 'no_sni_blocked').
|
||||
- Ensured consistent rejection of non-TLS handshakes on standard HTTPS port.
|
||||
|
||||
## 2025-03-12 - 3.41.4 - fix(tls/sni)
|
||||
Improve logging for TLS session resumption by extracting and logging SNI values from ClientHello messages.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user