426249e70e
fix(connectionhandler): Ensure proper termination of TLS connections without SNI by explicitly ending the socket after sending the unrecognized_name alert. This prevents the connection from hanging and avoids potential duplicate handling.
2025-03-18 00:29:17 +00:00
b55e2da23e
feat(tlsalert): add sendForceSniSequence and sendFatalAndClose helper functions to TlsAlert for improved SNI enforcement
2025-03-17 14:27:10 +00:00
ca6f6de798
fix(tls): Improve TLS alert handling in connection handler: use the new TlsAlert class to send proper unrecognized_name alerts when a ClientHello is missing SNI and wait for a retry on the same connection before closing. Also, add alertFallbackTimeout tracking to connection records for better timeout management.
2025-03-17 13:37:48 +00:00
22f46700f1
fix(connectionhandler): Delay socket termination in TLS session resumption handling to allow proper alert processing
2025-03-17 13:23:07 +00:00
c6350e271a
fix(ConnectionHandler): Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.
2025-03-17 13:19:18 +00:00
35f6739b3c
fix(tls-handshake): Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.
2025-03-17 13:15:12 +00:00
e126032b61
fix(classes.pp.connectionhandler): Replace unrecognized_name alert data with certificate_expired alert in TLS handshake handling for session resumption without SNI
2025-03-17 13:09:54 +00:00
e8639e1b01
fix(connectionhandler): Increase delay before cleaning up connections when session resumption is blocked due to missing SNI, allowing more natural socket termination.
2025-03-17 13:00:02 +00:00
a70c123007
fix(connectionhandler): Increase delay timings for TLS alert transmission in session ticket blocking to allow graceful socket termination
2025-03-16 14:49:25 +00:00
f72db86e37
fix(ConnectionHandler): Replace closeNotify alert with handshake failure alert in TLS ClientHello handling to properly signal missing SNI and enforce session ticket restrictions.
2025-03-16 14:13:35 +00:00
1c34578c36
fix(ConnectionHandler/tls): Change the TLS alert sent when a ClientHello lacks SNI: use the close_notify alert instead of handshake_failure to prompt immediate retry with SNI.
2025-03-16 14:02:18 +00:00
67ddf97547
fix(classes.pp.connectionhandler): Improve TLS alert handling in ClientHello when SNI is missing and session tickets are disallowed
2025-03-16 13:47:34 +00:00
2b6464acd5
fix(tls): Refine TLS ClientHello handling when allowSessionTicket is false by replacing extensive alert timeout logic with a concise warning alert and short delay, encouraging immediate client retry with proper SNI
2025-03-16 13:28:48 +00:00
9dd402054d
fix(TLS/ConnectionHandler): Improve handling of TLS session resumption without SNI by sending an unrecognized_name alert instead of immediately terminating the connection. This change adds a grace period for the client to retry the handshake with proper SNI and cleans up the connection if no valid response is received.
2025-03-16 13:19:37 +00:00
cad0e6a2b2
fix(ConnectionHandler): Refactor ConnectionHandler code formatting for improved readability and consistency in log messages and whitespace handling
2025-03-15 19:10:54 +00:00
ee79f9ab7c
fix(connectionhandler): Improve handling of TLS ClientHello messages when allowSessionTicket is disabled and no SNI is provided by sending a warning alert (unrecognized_name, code 0x70) with a proper callback and delay to ensure the alert is transmitted before closing the connection.
2025-03-15 18:51:50 +00:00
97982976c8
fix(connectionhandler): Send proper TLS alert before terminating connections when SNI is missing and session tickets are disallowed.
2025-03-15 17:16:18 +00:00
252a987344
fix(tls): Enforce strict SNI handling in TLS connections by terminating ClientHello messages lacking SNI when session tickets are disallowed and removing legacy session cache code.
2025-03-15 17:00:10 +00:00
e2ee673197
BREAKING CHANGE(core): refactor: reorganize internal module structure to use classes.pp.* modules
...
- Renamed port proxy and SNI handler source files to classes.pp.portproxy.js and classes.pp.snihandler.js respectively
- Updated import paths in index.ts and test files (e.g. in test.ts and test.router.ts) to reference the new file names
- This refactor improves code organization but breaks direct imports from the old paths
2025-03-14 09:53:25 +00:00
