Philipp Kunz
ddfbcdb1f3
fix(SniHandler): Refactor SniHandler: update whitespace, comment formatting, and consistent type definitions
2025-03-12 10:54:24 +00:00
Philipp Kunz
b401d126bc
3.41.5
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m6s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-12 10:27:26 +00:00
Philipp Kunz
baaee0ad4d
fix(portproxy): Enforce TLS handshake and SNI validation on port 443 by blocking non-TLS connections and terminating session resumption attempts without SNI when allowSessionTicket is disabled.
2025-03-12 10:27:25 +00:00
Philipp Kunz
fe7c4c2f5e
3.41.4
Default (tags) / security (push) Successful in 30s
Default (tags) / test (push) Failing after 1m0s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-12 10:01:54 +00:00
Philipp Kunz
ab1ec84832
fix(tls/sni): Improve logging for TLS session resumption by extracting and logging SNI values from ClientHello messages.
2025-03-12 10:01:54 +00:00
Philipp Kunz
156abbf5b4
3.41.3
Default (tags) / security (push) Failing after 10m42s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-12 09:56:21 +00:00
Philipp Kunz
1a90566622
fix(TLS/SNI): Improve TLS session resumption handling and logging. Now, session resumption attempts are always logged with details, and connections without a proper SNI are rejected when allowSessionTicket is disabled. In addition, empty SNI extensions are explicitly treated as missing, ensuring stricter and more consistent TLS handshake validation.
2025-03-12 09:56:21 +00:00
Philipp Kunz
b48b90d613
3.41.2
Default (tags) / security (push) Successful in 28s
Default (tags) / test (push) Failing after 1m10s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 19:41:04 +00:00
Philipp Kunz
124f8d48b7
fix(SniHandler): Refactor hasSessionResumption to return detailed session resumption info
2025-03-11 19:41:04 +00:00
Philipp Kunz
b2a57ada5d
3.41.1
Default (tags) / security (push) Successful in 30s
Default (tags) / test (push) Failing after 1m12s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 19:38:41 +00:00
Philipp Kunz
62a3e1f4b7
fix(SniHandler): Improve TLS SNI session resumption handling: connections containing a session ticket are now only rejected when no SNI is present and allowSessionTicket is disabled. Updated return values and logging for clearer resumption detection.
2025-03-11 19:38:41 +00:00
Philipp Kunz
3a1485213a
3.41.0
Default (tags) / security (push) Failing after 10m42s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 19:31:20 +00:00
Philipp Kunz
9dbf6fdeb5
feat(PortProxy/TLS): Add allowSessionTicket option to control TLS session ticket handling
2025-03-11 19:31:20 +00:00
Philipp Kunz
9496dd5336
3.40.0
Default (tags) / security (push) Failing after 11m44s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 18:05:20 +00:00
Philipp Kunz
29d28fba93
feat(SniHandler): Add session cache support and tab reactivation detection to improve SNI extraction in TLS handshakes
2025-03-11 18:05:20 +00:00
Philipp Kunz
8196de4fa3
3.39.0
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m2s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:50:57 +00:00
Philipp Kunz
6fddafe9fd
feat(PortProxy): Add domain-specific NetworkProxy integration support to PortProxy
2025-03-11 17:50:56 +00:00
Philipp Kunz
1e89062167
3.38.2
Default (tags) / security (push) Successful in 22s
Default (tags) / test (push) Failing after 1m11s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:38:32 +00:00
Philipp Kunz
21a24fd95b
fix(core): No code changes detected; bumping patch version for consistency.
2025-03-11 17:38:32 +00:00
Philipp Kunz
03ef5e7f6e
3.38.1
Default (tags) / security (push) Successful in 21s
Default (tags) / test (push) Failing after 1m1s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:37:43 +00:00
Philipp Kunz
415b82a84a
fix(PortProxy): Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
2025-03-11 17:37:43 +00:00
Philipp Kunz
f304cc67b4
3.38.0
Default (tags) / security (push) Successful in 29s
Default (tags) / test (push) Failing after 1m1s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:33:31 +00:00
Philipp Kunz
0e12706176
feat(SniHandler): Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing
2025-03-11 17:33:31 +00:00
Philipp Kunz
6daf4c914d
3.37.3
Default (tags) / security (push) Failing after 13m6s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 17:23:57 +00:00
Philipp Kunz
36e4341315
fix(snihandler): Enhance SNI extraction to support TLS 1.3 PSK-based session resumption by adding a dedicated extractSNIFromPSKExtension method and improved logging for session resumption indicators.
2025-03-11 17:23:57 +00:00
Philipp Kunz
474134d29c
3.37.2
Default (tags) / security (push) Successful in 20s
Default (tags) / test (push) Failing after 1m10s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:05:15 +00:00
Philipp Kunz
43378becd2
fix(PortProxy): Improve buffering and data handling during connection setup in PortProxy to prevent data loss
2025-03-11 17:05:15 +00:00
Philipp Kunz
5ba8eb778f
3.37.1
Default (tags) / security (push) Successful in 36s
Default (tags) / test (push) Failing after 1m2s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 17:01:07 +00:00
Philipp Kunz
87d26c86a1
fix(PortProxy/SNI): Refactor SNI extraction in PortProxy to use the dedicated SniHandler class
2025-03-11 17:01:07 +00:00
Philipp Kunz
d81cf94876
3.37.0
Default (tags) / security (push) Failing after 10m56s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 12:56:04 +00:00
Philipp Kunz
8d06f1533e
feat(portproxy): Add ACME certificate management options to PortProxy, update ACME settings handling, and bump dependency versions
2025-03-11 12:56:03 +00:00
Philipp Kunz
223be61c8d
3.35.0
2025-03-11 12:45:55 +00:00
Philipp Kunz
6a693f4d86
feat(NetworkProxy): Integrate Port80Handler for automatic ACME certificate management
...
- Add ACME certificate management capabilities to NetworkProxy
- Implement automatic certificate issuance and renewal
- Add SNI support for serving the correct certificates
- Create certificate storage and caching system
- Enable dynamic certificate issuance for new domains
- Support automatic HTTP-to-HTTPS redirects for secured domains
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-03-11 12:45:22 +00:00
Philipp Kunz
27a2bcb556
feat(NetworkProxy): Add support for array-based destinations and integration with PortProxy
...
- Update NetworkProxy to support new IReverseProxyConfig interface with destinationIps[] and destinationPorts[]
- Add load balancing with round-robin selection of destination endpoints
- Create automatic conversion of PortProxy domain configs to NetworkProxy configs
- Implement backward compatibility to ensure tests continue to work
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-03-11 12:34:24 +00:00
Philipp Kunz
0674ca7163
3.34.0
Default (tags) / security (push) Failing after 12m28s
Default (tags) / test (push) Has been cancelled
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 11:34:29 +00:00
Philipp Kunz
e31c84493f
feat(core): Improve wildcard domain matching and enhance NetworkProxy integration in PortProxy. Added support for TLD wildcards and complex wildcard patterns in the router, and refactored TLS renegotiation handling for stricter SNI enforcement.
2025-03-11 11:34:29 +00:00
Philipp Kunz
d2ad659d37
3.33.0
Default (tags) / security (push) Successful in 34s
Default (tags) / test (push) Failing after 14m16s
Default (tags) / release (push) Has been cancelled
Default (tags) / metadata (push) Has been cancelled
2025-03-11 09:57:06 +00:00
Philipp Kunz
df7a12041e
feat(portproxy): Add browser-friendly mode and SNI renegotiation configuration options to PortProxy
2025-03-11 09:57:06 +00:00
Philipp Kunz
2b69150545
3.32.2
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m2s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 09:12:40 +00:00
Philipp Kunz
85cc57ae10
fix(PortProxy): Simplify TLS handshake SNI extraction and update timeout settings in PortProxy for improved maintainability and reliability.
2025-03-11 09:12:40 +00:00
Philipp Kunz
e021b66898
3.32.1
Default (tags) / security (push) Successful in 30s
Default (tags) / test (push) Failing after 1m3s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 04:39:17 +00:00
Philipp Kunz
865d21b36a
fix(portproxy): Relax TLS handshake and connection timeout settings for improved stability in chained proxy scenarios; update TLS session cache defaults and add keep-alive flags to connection records.
2025-03-11 04:39:17 +00:00
Philipp Kunz
58ba0d9362
3.32.0
Default (tags) / security (push) Successful in 34s
Default (tags) / test (push) Failing after 1m2s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 04:24:29 +00:00
Philipp Kunz
ccccc5b8c8
feat(PortProxy): Enhance TLS session cache, SNI extraction, and chained proxy support in PortProxy. Improve handling of multiple and fragmented TLS records, and add new configuration options (isChainedProxy, chainPosition, aggressiveTlsRefresh, tlsSessionCache) for robust TLS certificate refresh.
2025-03-11 04:24:29 +00:00
Philipp Kunz
d8466a866c
3.31.2
Default (tags) / security (push) Successful in 28s
Default (tags) / test (push) Failing after 1m3s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 03:56:09 +00:00
Philipp Kunz
119b643690
fix(PortProxy): Improve SNI renegotiation handling by adding flexible domain configuration matching on rehandshake and session resumption events.
2025-03-11 03:56:09 +00:00
Philipp Kunz
98f1e0df4c
3.31.1
Default (tags) / security (push) Successful in 37s
Default (tags) / test (push) Failing after 1m3s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 03:48:10 +00:00
Philipp Kunz
d6022c8f8a
fix(PortProxy): Improve TLS handshake buffering and enhance debug logging for SNI forwarding in PortProxy
2025-03-11 03:48:10 +00:00
Philipp Kunz
0ea0f02428
fix(PortProxy): Improve connection reliability for initial and resumed TLS sessions
...
Added enhanced connection handling to fix issues with both initial connections and TLS session resumption:
1. Improved debugging for connection setup with detailed logging
2. Added explicit timeout for backend connections to prevent hanging connections
3. Enhanced error recovery for connection failures with faster client notification
4. Added detailed session tracking to maintain domain context across TLS sessions
5. Fixed handling of TLS renegotiation with improved activity timestamp updates
This should address the issue where initial connections may fail but subsequent retries succeed,
as well as ensuring proper certificate selection for resumed TLS sessions.
🤖 Generated with [Claude Code](https://claude.ai/code )
Co-Authored-By: Claude <noreply@anthropic.com>
2025-03-11 03:33:03 +00:00
Philipp Kunz
e452f55203
3.31.0
Default (tags) / security (push) Successful in 35s
Default (tags) / test (push) Failing after 1m4s
Default (tags) / release (push) Has been skipped
Default (tags) / metadata (push) Has been skipped
2025-03-11 03:16:04 +00:00
