4.1.14

fix(ConnectionHandler): Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.
2025-03-17 13:19:18 +00:00 · 2025-03-17 13:19:18 +00:00
4 changed files with 10 additions and 4 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,11 @@
 # Changelog

+## 2025-03-17 - 4.1.14 - fix(ConnectionHandler)
+Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.
+
+- Replaced certificateExpiredAlert with serverNameUnknownAlertData for sending the appropriate alert.
+- Increased the cleanup delay from 1000ms to 5000ms to allow a more graceful termination.
+
 ## 2025-03-17 - 4.1.13 - fix(tls-handshake)
 Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.

--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "@push.rocks/smartproxy",
-  "version": "4.1.13",
+  "version": "4.1.14",
  "private": false,
  "description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
  "main": "dist_ts/index.js",
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartproxy',
-  version: '4.1.13',
+  version: '4.1.14',
  description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }
--- a/ts/classes.pp.connectionhandler.ts
+++ b/ts/classes.pp.connectionhandler.ts
@ -618,7 +618,7 @@ export class ConnectionHandler {
            try {
              // Use cork/uncork to ensure the alert is sent as a single packet
              socket.cork();
-              const writeSuccessful = socket.write(certificateExpiredAlert);
+              const writeSuccessful = socket.write(serverNameUnknownAlertData);
              socket.uncork();
              
              // Function to handle the clean socket termination - but more gradually
@ -630,7 +630,7 @@ export class ConnectionHandler {
                // Log the cleanup but wait for natural closure
                setTimeout(() => {
                  this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
-                }, 1000); // Longer delay to let socket cleanup happen naturally
+                }, 5000); // Longer delay to let socket cleanup happen naturally
              };
              
              if (writeSuccessful) {
Author	SHA1	Message	Date
Philipp Kunz	1611f65455	4.1.14 Some checks failed Default (tags) / security (push) Successful in 21s Details Default (tags) / test (push) Failing after 1m9s Details Default (tags) / release (push) Has been skipped Details Default (tags) / metadata (push) Has been skipped Details	2025-03-17 13:19:18 +00:00
Philipp Kunz	c6350e271a	fix(ConnectionHandler): Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.	2025-03-17 13:19:18 +00:00