philkunz
ee79f9ab7c
fix(connectionhandler): Improve handling of TLS ClientHello messages when allowSessionTicket is disabled and no SNI is provided by sending a warning alert (unrecognized_name, code 0x70) with a proper callback and delay to ensure the alert is transmitted before closing the connection.
2025-03-15 18:51:50 +00:00
philkunz
107bc3b50b
4.1.2
Default (tags) / security (push) Successful in 30s
Default (tags) / test (push) Failing after 1m2s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-15 17:16:18 +00:00
philkunz
97982976c8
fix(connectionhandler): Send proper TLS alert before terminating connections when SNI is missing and session tickets are disallowed.
2025-03-15 17:16:18 +00:00
philkunz
fe60f88746
4.1.1
Default (tags) / security (push) Failing after 12m44s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-15 17:00:11 +00:00
philkunz
252a987344
fix(tls): Enforce strict SNI handling in TLS connections by terminating ClientHello messages lacking SNI when session tickets are disallowed and removing legacy session cache code.
2025-03-15 17:00:10 +00:00
philkunz
677d30563f
4.1.0
Default (tags) / security (push) Successful in 37s
Default (tags) / test (push) Failing after 59s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-14 11:34:53 +00:00
philkunz
9aa747b5d4
feat(SniHandler): Enhance SNI extraction to support session caching and tab reactivation by adding session cache initialization, cleanup and helper methods. Update processTlsPacket to use cached SNI for session resumption and connection racing scenarios.
2025-03-14 11:34:52 +00:00
philkunz
1de9491e1d
4.0.0
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m6s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-14 09:53:25 +00:00
philkunz
e2ee673197
BREAKING CHANGE(core): refactor: reorganize internal module structure to use classes.pp.* modules
...
- Renamed port proxy and SNI handler source files to classes.pp.portproxy.js and classes.pp.snihandler.js respectively
- Updated import paths in index.ts and test files (e.g. in test.ts and test.router.ts) to reference the new file names
- This refactor improves code organization but breaks direct imports from the old paths
2025-03-14 09:53:25 +00:00
philkunz
985031e9ac
3.41.8
Default (tags) / security (push) Successful in 37s
Default (tags) / test (push) Failing after 1m8s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-12 15:49:42 +00:00
philkunz
4c0105ad09
fix(portproxy): Improve TLS handshake timeout handling and connection piping in PortProxy
2025-03-12 15:49:41 +00:00
philkunz
06896b3102
3.41.7
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m0s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-12 12:19:36 +00:00
philkunz
7fe455b4df
fix(core): Refactor PortProxy and SniHandler: improve configuration handling, logging, and whitespace consistency
2025-03-12 12:19:36 +00:00
philkunz
21801aa53d
3.41.6
Default (tags) / security (push) Successful in 37s
Default (tags) / test (push) Failing after 1m1s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-12 10:54:24 +00:00
philkunz
ddfbcdb1f3
fix(SniHandler): Refactor SniHandler: update whitespace, comment formatting, and consistent type definitions
2025-03-12 10:54:24 +00:00
philkunz
b401d126bc
3.41.5
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m6s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-12 10:27:26 +00:00
philkunz
baaee0ad4d
fix(portproxy): Enforce TLS handshake and SNI validation on port 443 by blocking non-TLS connections and terminating session resumption attempts without SNI when allowSessionTicket is disabled.
2025-03-12 10:27:25 +00:00
philkunz
fe7c4c2f5e
3.41.4
Default (tags) / security (push) Successful in 30s
Default (tags) / test (push) Failing after 1m0s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-12 10:01:54 +00:00
philkunz
ab1ec84832
fix(tls/sni): Improve logging for TLS session resumption by extracting and logging SNI values from ClientHello messages.
2025-03-12 10:01:54 +00:00
philkunz
156abbf5b4
3.41.3
Default (tags) / security (push) Failing after 10m42s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-12 09:56:21 +00:00
philkunz
1a90566622
fix(TLS/SNI): Improve TLS session resumption handling and logging. Now, session resumption attempts are always logged with details, and connections without a proper SNI are rejected when allowSessionTicket is disabled. In addition, empty SNI extensions are explicitly treated as missing, ensuring stricter and more consistent TLS handshake validation.
2025-03-12 09:56:21 +00:00
philkunz
b48b90d613
3.41.2
Default (tags) / security (push) Successful in 28s
Default (tags) / test (push) Failing after 1m10s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 19:41:04 +00:00
philkunz
124f8d48b7
fix(SniHandler): Refactor hasSessionResumption to return detailed session resumption info
2025-03-11 19:41:04 +00:00
philkunz
b2a57ada5d
3.41.1
Default (tags) / security (push) Successful in 30s
Default (tags) / test (push) Failing after 1m12s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 19:38:41 +00:00
philkunz
62a3e1f4b7
fix(SniHandler): Improve TLS SNI session resumption handling: connections containing a session ticket are now only rejected when no SNI is present and allowSessionTicket is disabled. Updated return values and logging for clearer resumption detection.
2025-03-11 19:38:41 +00:00
philkunz
3a1485213a
3.41.0
Default (tags) / security (push) Failing after 10m42s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 19:31:20 +00:00
philkunz
9dbf6fdeb5
feat(PortProxy/TLS): Add allowSessionTicket option to control TLS session ticket handling
2025-03-11 19:31:20 +00:00
philkunz
9496dd5336
3.40.0
Default (tags) / security (push) Failing after 11m44s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 18:05:20 +00:00
philkunz
29d28fba93
feat(SniHandler): Add session cache support and tab reactivation detection to improve SNI extraction in TLS handshakes
2025-03-11 18:05:20 +00:00
philkunz
8196de4fa3
3.39.0
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m2s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:50:57 +00:00
philkunz
6fddafe9fd
feat(PortProxy): Add domain-specific NetworkProxy integration support to PortProxy
2025-03-11 17:50:56 +00:00
philkunz
1e89062167
3.38.2
Default (tags) / security (push) Successful in 22s
Default (tags) / test (push) Failing after 1m11s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:38:32 +00:00
philkunz
21a24fd95b
fix(core): No code changes detected; bumping patch version for consistency.
2025-03-11 17:38:32 +00:00
philkunz
03ef5e7f6e
3.38.1
Default (tags) / security (push) Successful in 21s
Default (tags) / test (push) Failing after 1m1s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:37:43 +00:00
philkunz
415b82a84a
fix(PortProxy): Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
2025-03-11 17:37:43 +00:00
philkunz
f304cc67b4
3.38.0
Default (tags) / security (push) Successful in 29s
Default (tags) / test (push) Failing after 1m1s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:33:31 +00:00
philkunz
0e12706176
feat(SniHandler): Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing
2025-03-11 17:33:31 +00:00
philkunz
6daf4c914d
3.37.3
Default (tags) / security (push) Failing after 13m6s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 17:23:57 +00:00
philkunz
36e4341315
fix(snihandler): Enhance SNI extraction to support TLS 1.3 PSK-based session resumption by adding a dedicated extractSNIFromPSKExtension method and improved logging for session resumption indicators.
2025-03-11 17:23:57 +00:00
philkunz
474134d29c
3.37.2
Default (tags) / security (push) Successful in 20s
Default (tags) / test (push) Failing after 1m10s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:05:15 +00:00
philkunz
43378becd2
fix(PortProxy): Improve buffering and data handling during connection setup in PortProxy to prevent data loss
2025-03-11 17:05:15 +00:00
philkunz
5ba8eb778f
3.37.1
Default (tags) / security (push) Successful in 36s
Default (tags) / test (push) Failing after 1m2s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:01:07 +00:00
philkunz
87d26c86a1
fix(PortProxy/SNI): Refactor SNI extraction in PortProxy to use the dedicated SniHandler class
2025-03-11 17:01:07 +00:00
philkunz
d81cf94876
3.37.0
Default (tags) / security (push) Failing after 10m56s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 12:56:04 +00:00
philkunz
8d06f1533e
feat(portproxy): Add ACME certificate management options to PortProxy, update ACME settings handling, and bump dependency versions
2025-03-11 12:56:03 +00:00
philkunz
223be61c8d
3.35.0
2025-03-11 12:45:55 +00:00
philkunz
6a693f4d86
feat(NetworkProxy): Integrate Port80Handler for automatic ACME certificate management
...
- Add ACME certificate management capabilities to NetworkProxy
- Implement automatic certificate issuance and renewal
- Add SNI support for serving the correct certificates
- Create certificate storage and caching system
- Enable dynamic certificate issuance for new domains
- Support automatic HTTP-to-HTTPS redirects for secured domains
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-03-11 12:45:22 +00:00
philkunz
27a2bcb556
feat(NetworkProxy): Add support for array-based destinations and integration with PortProxy
...
- Update NetworkProxy to support new IReverseProxyConfig interface with destinationIps[] and destinationPorts[]
- Add load balancing with round-robin selection of destination endpoints
- Create automatic conversion of PortProxy domain configs to NetworkProxy configs
- Implement backward compatibility to ensure tests continue to work
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-03-11 12:34:24 +00:00
philkunz
0674ca7163
3.34.0
Default (tags) / security (push) Failing after 12m28s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 11:34:29 +00:00
philkunz
e31c84493f
feat(core): Improve wildcard domain matching and enhance NetworkProxy integration in PortProxy. Added support for TLD wildcards and complex wildcard patterns in the router, and refactored TLS renegotiation handling for stricter SNI enforcement.
2025-03-11 11:34:29 +00:00
philkunz