From f72db86e37c24d5876e392ad14e9e8cbab5b38cb Mon Sep 17 00:00:00 2001
From: Philipp Kunz
Date: Sun, 16 Mar 2025 14:13:35 +0000
Subject: [PATCH] fix(ConnectionHandler): Replace closeNotify alert with handshake failure alert in TLS ClientHello handling to properly signal missing SNI and enforce session ticket restrictions.
---
 changelog.md | 6 ++++++
 ts/00_commitinfo_data.ts | 2 +-
 ts/classes.pp.connectionhandler.ts | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/changelog.md b/changelog.md
index a0c33a6..1474d3b 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,11 @@
 # Changelog
+## 2025-03-16 - 4.1.9 - fix(ConnectionHandler)
+Replace closeNotify alert with handshake failure alert in TLS ClientHello handling to properly signal missing SNI and enforce session ticket restrictions.
+
+- Switched alert data sent on missing SNI from closeNotifyAlert to sslHandshakeFailureAlertData.
+- Ensures consistent TLS alert behavior during handshake failure.
+
 ## 2025-03-16 - 4.1.8 - fix(ConnectionHandler/tls)
 Change the TLS alert sent when a ClientHello lacks SNI: use the close_notify alert instead of handshake_failure to prompt immediate retry with SNI.
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index fae0dcb..222b308 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@push.rocks/smartproxy',
- version: '4.1.8',
+ version: '4.1.9',
 description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }
diff --git a/ts/classes.pp.connectionhandler.ts b/ts/classes.pp.connectionhandler.ts
index 7c45c07..b740c64 100644
--- a/ts/classes.pp.connectionhandler.ts
+++ b/ts/classes.pp.connectionhandler.ts
@@ -608,7 +608,7 @@ export class ConnectionHandler {
 try {
 // Use cork/uncork to ensure the alert is sent as a single packet
 socket.cork();
- const writeSuccessful = socket.write(closeNotifyAlert);
+ const writeSuccessful = socket.write(serverNameUnknownAlertData);
 socket.uncork();
 // Function to handle the clean socket termination
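Review bot: The new write sends `serverNameUnknownAlertData`, but the commit subject and the 4.1.9 changelog entry both say the alert was switched to `sslHandshakeFailureAlertData` (handshake_failure). The constant's definition is outside this hunk, so the alert level and description that actually go on the wire cannot be confirmed from here; the name suggests an unrecognized_name-style alert rather than handshake_failure. Which alert a client receives for a ClientHello without SNI determines whether it retries or aborts, so the changelog and the code should agree. I would correct the changelog wording and add a comment above the write such as `// Missing SNI: send fatal <ALERT_NAME> (level/description bytes per <CONSTANT_DEFINITION>), then close the socket`. Separately, `socket.write()` returning `false` signals backpressure, not a failed write, so `writeSuccessful` reads misleadingly; the enclosing `try` block and method start and end outside the hunk.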