From c6350e271a1354d2d10baec2cab3e8003574f764 Mon Sep 17 00:00:00 2001
From: Philipp Kunz
Date: Mon, 17 Mar 2025 13:19:18 +0000
Subject: [PATCH] fix(ConnectionHandler): Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.

---
 changelog.md | 6 ++++++
 ts/00_commitinfo_data.ts | 2 +-
 ts/classes.pp.connectionhandler.ts | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/changelog.md b/changelog.md
index c8e6af8..c4274ee 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,11 @@
 # Changelog

+## 2025-03-17 - 4.1.14 - fix(ConnectionHandler)
+Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.
+
+- Replaced certificateExpiredAlert with serverNameUnknownAlertData for sending the appropriate alert.
+- Increased the cleanup delay from 1000ms to 5000ms to allow a more graceful termination.
+
 ## 2025-03-17 - 4.1.13 - fix(tls-handshake)
 Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.

diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index 925c6d6..1d981ed 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@push.rocks/smartproxy',
- version: '4.1.13',
+ version: '4.1.14',
 description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }
diff --git a/ts/classes.pp.connectionhandler.ts b/ts/classes.pp.connectionhandler.ts
index 809db31..8ea1384 100644
--- a/ts/classes.pp.connectionhandler.ts
+++ b/ts/classes.pp.connectionhandler.ts
@@ -618,7 +618,7 @@ export class ConnectionHandler {
 try {
 // Use cork/uncork to ensure the alert is sent as a single packet
 socket.cork();
- const writeSuccessful = socket.write(certificateExpiredAlert);
+ const writeSuccessful = socket.write(serverNameUnknownAlertData);
 socket.uncork();

 // Function to handle the clean socket termination - but more gradually
@@ -630,7 +630,7 @@ export class ConnectionHandler {
 // Log the cleanup but wait for natural closure
 setTimeout(() => {
 this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
- }, 1000); // Longer delay to let socket cleanup happen naturally
+ }, 5000); // Longer delay to let socket cleanup happen naturally
 };

 if (writeSuccessful) {
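Review bot: `writeSuccessful` on the changed `socket.write(serverNameUnknownAlertData)` line misnames what Node's `socket.write()` returns: `false` means the alert was queued under backpressure, not that it failed, so the `if (writeSuccessful)` check visible at the end of the next hunk should not be treated as delivered versus not delivered. I would rename it, e.g. `const alertFlushed = socket.write(serverNameUnknownAlertData);`, or add `// false only signals backpressure; the alert is still queued`. The definition of `serverNameUnknownAlertData` is outside this hunk; confirm there that it encodes unrecognized_name (112) at fatal level, because RFC 6066 advises against sending that alert at warning level since client reactions to warnings are unpredictable. The enclosing method starts and ends outside the hunk.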
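Review bot: The `}, 5000);` timer keeps each rejected connection's record for up to five seconds and nothing in the visible lines cancels it, so repeated resumption attempts without SNI now hold records up to five times longer than before, which matters for connection-limit and memory budgeting. If the peer closes earlier the timer still fires afterwards; whether `cleanupConnection` tolerates a record that was already cleaned up is not visible here. I would name the value and tie the timer to the socket, e.g. `const t = setTimeout(cleanup, NO_SNI_CLEANUP_DELAY_MS);` and `socket.once('close', () => { clearTimeout(t); cleanup(); });`, where `cleanup` wraps the existing `cleanupConnection` call and the constant name is only a suggestion. The closure containing this timer begins before the hunk and the `if (writeSuccessful)` block continues past it.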