3.18.0

changelog.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 2025-02-27 - 3.18.0 - feat(PortProxy)
+Add SNI-based renegotiation handling in PortProxy
+
+- Introduced a new field 'lockedDomain' in IConnectionRecord to store initial SNI.
+- Enhanced connection management by enforcing termination if rehandshake is detected with different SNI.
+
+## 2025-02-27 - 3.17.1 - fix(PortProxy)
+Fix handling of SNI re-negotiation in PortProxy
+
+- Removed connection locking to the initially negotiated SNI
+- Improved handling of SNI during renegotiation in PortProxy
+
 ## 2025-02-27 - 3.17.0 - feat(smartproxy)
 Enhance description clarity and improve SNI handling with domain locking.
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartproxy",
-  "version": "3.17.0",
+  "version": "3.18.0",
   "private": false,
   "description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.",
   "main": "dist_ts/index.js",

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '3.17.0',
+  version: '3.18.0',
   description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, and dynamic routing with authentication options.'
 }

ts/classes.portproxy.ts

@@ -370,16 +370,19 @@ export class PortProxy {
           // Lock the connection to the negotiated SNI.
           connectionRecord.lockedDomain = serverName;
           console.log(`Received connection from ${remoteIP} with SNI: ${serverName}`);
-          // Add an extra data listener to check for a renegotiated ClientHello.
+          // Delay adding the renegotiation listener until the next tick,
-          socket.on('data', (chunk: Buffer) => {
+          // so the initial ClientHello is not reprocessed.
-            if (chunk.length > 0 && chunk.readUInt8(0) === 22) {
+          setImmediate(() => {
-              const newSNI = extractSNI(chunk);
+            socket.on('data', (renegChunk: Buffer) => {
+              if (renegChunk.length > 0 && renegChunk.readUInt8(0) === 22) {
+                const newSNI = extractSNI(renegChunk);
                 if (newSNI && newSNI !== connectionRecord.lockedDomain) {
                   console.log(`Rehandshake detected with different SNI: ${newSNI} vs locked ${connectionRecord.lockedDomain}. Terminating connection.`);
                   cleanupOnce();
                 }
               }
             });
+          });
           setupConnection(serverName, chunk);
         });
       } else {