Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6daf4c914d | |||
| 36e4341315 | |||
| 474134d29c | |||
| 43378becd2 |
15
changelog.md
15
changelog.md
@ -1,5 +1,20 @@
|
||||
# Changelog
|
||||
|
||||
## 2025-03-11 - 3.37.3 - fix(snihandler)
|
||||
Enhance SNI extraction to support TLS 1.3 PSK-based session resumption by adding a dedicated extractSNIFromPSKExtension method and improved logging for session resumption indicators.
|
||||
|
||||
- Defined TLS_PSK_EXTENSION_TYPE and TLS_PSK_KE_MODES_EXTENSION_TYPE constants.
|
||||
- Added extractSNIFromPSKExtension method to handle ClientHello messages containing PSK identities.
|
||||
- Improved logging to indicate when session resumption indicators (ticket or PSK) are present but no standard SNI is found.
|
||||
- Enhanced extractSNIWithResumptionSupport to attempt PSK extraction if standard SNI extraction fails.
|
||||
|
||||
## 2025-03-11 - 3.37.2 - fix(PortProxy)
|
||||
Improve buffering and data handling during connection setup in PortProxy to prevent data loss
|
||||
|
||||
- Added a safeDataHandler and processDataQueue to buffer incoming data reliably during the TLS handshake phase
|
||||
- Introduced a queue with pause/resume logic to avoid exceeding maxPendingDataSize and ensure all pending data is flushed before piping begins
|
||||
- Refactored the piping setup to install the renegotiation handler only after proper data flushing
|
||||
|
||||
## 2025-03-11 - 3.37.1 - fix(PortProxy/SNI)
|
||||
Refactor SNI extraction in PortProxy to use the dedicated SniHandler class
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@push.rocks/smartproxy",
|
||||
"version": "3.37.1",
|
||||
"version": "3.37.3",
|
||||
"private": false,
|
||||
"description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
|
||||
"main": "dist_ts/index.js",
|
||||
|
||||
@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@push.rocks/smartproxy',
|
||||
version: '3.37.1',
|
||||
version: '3.37.3',
|
||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
||||
}
|
||||
|
||||
@ -566,44 +566,104 @@ export class PortProxy {
|
||||
connectionOptions.localAddress = record.remoteIP.replace('::ffff:', '');
|
||||
}
|
||||
|
||||
// Create a safe queue for incoming data using a Buffer array
|
||||
// We'll use this to ensure we don't lose data during handler transitions
|
||||
const dataQueue: Buffer[] = [];
|
||||
let queueSize = 0;
|
||||
let processingQueue = false;
|
||||
let drainPending = false;
|
||||
|
||||
// Flag to track if we've switched to the final piping mechanism
|
||||
// Once this is true, we no longer buffer data in dataQueue
|
||||
let pipingEstablished = false;
|
||||
|
||||
// Pause the incoming socket to prevent buffer overflows
|
||||
// This ensures we control the flow of data until piping is set up
|
||||
socket.pause();
|
||||
|
||||
// Temporary handler to collect data during connection setup
|
||||
const tempDataHandler = (chunk: Buffer) => {
|
||||
// Track bytes received
|
||||
record.bytesReceived += chunk.length;
|
||||
// Function to safely process the data queue without losing events
|
||||
const processDataQueue = () => {
|
||||
if (processingQueue || dataQueue.length === 0 || pipingEstablished) return;
|
||||
|
||||
processingQueue = true;
|
||||
|
||||
try {
|
||||
// Process all queued chunks with the current active handler
|
||||
while (dataQueue.length > 0) {
|
||||
const chunk = dataQueue.shift()!;
|
||||
queueSize -= chunk.length;
|
||||
|
||||
// Once piping is established, we shouldn't get here,
|
||||
// but just in case, pass to the outgoing socket directly
|
||||
if (pipingEstablished && record.outgoing) {
|
||||
record.outgoing.write(chunk);
|
||||
continue;
|
||||
}
|
||||
|
||||
// Track bytes received
|
||||
record.bytesReceived += chunk.length;
|
||||
|
||||
// Check for TLS handshake
|
||||
if (!record.isTLS && SniHandler.isTlsHandshake(chunk)) {
|
||||
record.isTLS = true;
|
||||
// Check for TLS handshake
|
||||
if (!record.isTLS && SniHandler.isTlsHandshake(chunk)) {
|
||||
record.isTLS = true;
|
||||
|
||||
if (this.settings.enableTlsDebugLogging) {
|
||||
console.log(
|
||||
`[${connectionId}] TLS handshake detected in tempDataHandler, ${chunk.length} bytes`
|
||||
);
|
||||
if (this.settings.enableTlsDebugLogging) {
|
||||
console.log(
|
||||
`[${connectionId}] TLS handshake detected in tempDataHandler, ${chunk.length} bytes`
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Check if adding this chunk would exceed the buffer limit
|
||||
const newSize = record.pendingDataSize + chunk.length;
|
||||
|
||||
if (this.settings.maxPendingDataSize && newSize > this.settings.maxPendingDataSize) {
|
||||
console.log(
|
||||
`[${connectionId}] Buffer limit exceeded for connection from ${record.remoteIP}: ${newSize} bytes > ${this.settings.maxPendingDataSize} bytes`
|
||||
);
|
||||
socket.end(); // Gracefully close the socket
|
||||
this.initiateCleanupOnce(record, 'buffer_limit_exceeded');
|
||||
return;
|
||||
}
|
||||
|
||||
// Buffer the chunk and update the size counter
|
||||
record.pendingData.push(Buffer.from(chunk));
|
||||
record.pendingDataSize = newSize;
|
||||
this.updateActivity(record);
|
||||
}
|
||||
} finally {
|
||||
processingQueue = false;
|
||||
|
||||
// If there's a pending drain and we've processed everything,
|
||||
// signal we're ready for more data if we haven't established piping yet
|
||||
if (drainPending && dataQueue.length === 0 && !pipingEstablished) {
|
||||
drainPending = false;
|
||||
socket.resume();
|
||||
}
|
||||
}
|
||||
|
||||
// Check if adding this chunk would exceed the buffer limit
|
||||
const newSize = record.pendingDataSize + chunk.length;
|
||||
|
||||
if (this.settings.maxPendingDataSize && newSize > this.settings.maxPendingDataSize) {
|
||||
console.log(
|
||||
`[${connectionId}] Buffer limit exceeded for connection from ${record.remoteIP}: ${newSize} bytes > ${this.settings.maxPendingDataSize} bytes`
|
||||
);
|
||||
socket.end(); // Gracefully close the socket
|
||||
return this.initiateCleanupOnce(record, 'buffer_limit_exceeded');
|
||||
}
|
||||
|
||||
// Buffer the chunk and update the size counter
|
||||
record.pendingData.push(Buffer.from(chunk));
|
||||
record.pendingDataSize = newSize;
|
||||
this.updateActivity(record);
|
||||
};
|
||||
|
||||
// Add the temp handler to capture all incoming data during connection setup
|
||||
socket.on('data', tempDataHandler);
|
||||
// Unified data handler that safely queues incoming data
|
||||
const safeDataHandler = (chunk: Buffer) => {
|
||||
// If piping is already established, just let the pipe handle it
|
||||
if (pipingEstablished) return;
|
||||
|
||||
// Add to our queue for orderly processing
|
||||
dataQueue.push(Buffer.from(chunk)); // Make a copy to be safe
|
||||
queueSize += chunk.length;
|
||||
|
||||
// If queue is getting large, pause socket until we catch up
|
||||
if (this.settings.maxPendingDataSize && queueSize > this.settings.maxPendingDataSize * 0.8) {
|
||||
socket.pause();
|
||||
drainPending = true;
|
||||
}
|
||||
|
||||
// Process the queue
|
||||
processDataQueue();
|
||||
};
|
||||
|
||||
// Add our safe data handler
|
||||
socket.on('data', safeDataHandler);
|
||||
|
||||
// Add initial chunk to pending data if present
|
||||
if (initialChunk) {
|
||||
@ -776,56 +836,32 @@ export class PortProxy {
|
||||
// Add the normal error handler for established connections
|
||||
targetSocket.on('error', this.handleError('outgoing', record));
|
||||
|
||||
// Remove temporary data handler
|
||||
socket.removeListener('data', tempDataHandler);
|
||||
|
||||
// Flush all pending data to target
|
||||
if (record.pendingData.length > 0) {
|
||||
const combinedData = Buffer.concat(record.pendingData);
|
||||
targetSocket.write(combinedData, (err) => {
|
||||
if (err) {
|
||||
console.log(`[${connectionId}] Error writing pending data to target: ${err.message}`);
|
||||
return this.initiateCleanupOnce(record, 'write_error');
|
||||
}
|
||||
|
||||
// Now set up piping for future data and resume the socket
|
||||
socket.pipe(targetSocket);
|
||||
targetSocket.pipe(socket);
|
||||
socket.resume(); // Resume the socket after piping is established
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(
|
||||
`[${connectionId}] Connection established: ${record.remoteIP} -> ${targetHost}:${connectionOptions.port}` +
|
||||
`${
|
||||
serverName
|
||||
? ` (SNI: ${serverName})`
|
||||
: domainConfig
|
||||
? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
|
||||
: ''
|
||||
}` +
|
||||
` TLS: ${record.isTLS ? 'Yes' : 'No'}, Keep-Alive: ${
|
||||
record.hasKeepAlive ? 'Yes' : 'No'
|
||||
}`
|
||||
);
|
||||
} else {
|
||||
console.log(
|
||||
`Connection established: ${record.remoteIP} -> ${targetHost}:${connectionOptions.port}` +
|
||||
`${
|
||||
serverName
|
||||
? ` (SNI: ${serverName})`
|
||||
: domainConfig
|
||||
? ` (Port-based for domain: ${domainConfig.domains.join(', ')})`
|
||||
: ''
|
||||
}`
|
||||
);
|
||||
}
|
||||
});
|
||||
} else {
|
||||
// No pending data, so just set up piping
|
||||
// Process any remaining data in the queue before switching to piping
|
||||
processDataQueue();
|
||||
|
||||
// Setup function to establish piping - we'll use this after flushing data
|
||||
const setupPiping = () => {
|
||||
// Mark that we're switching to piping mode
|
||||
pipingEstablished = true;
|
||||
|
||||
// Setup piping in both directions
|
||||
socket.pipe(targetSocket);
|
||||
targetSocket.pipe(socket);
|
||||
socket.resume(); // Resume the socket after piping is established
|
||||
|
||||
|
||||
// Resume the socket to ensure data flows
|
||||
socket.resume();
|
||||
|
||||
// Process any data that might be queued in the interim
|
||||
if (dataQueue.length > 0) {
|
||||
// Write any remaining queued data directly to the target socket
|
||||
for (const chunk of dataQueue) {
|
||||
targetSocket.write(chunk);
|
||||
}
|
||||
// Clear the queue
|
||||
dataQueue.length = 0;
|
||||
queueSize = 0;
|
||||
}
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(
|
||||
`[${connectionId}] Connection established: ${record.remoteIP} -> ${targetHost}:${connectionOptions.port}` +
|
||||
@ -852,6 +888,23 @@ export class PortProxy {
|
||||
}`
|
||||
);
|
||||
}
|
||||
};
|
||||
|
||||
// Flush all pending data to target
|
||||
if (record.pendingData.length > 0) {
|
||||
const combinedData = Buffer.concat(record.pendingData);
|
||||
targetSocket.write(combinedData, (err) => {
|
||||
if (err) {
|
||||
console.log(`[${connectionId}] Error writing pending data to target: ${err.message}`);
|
||||
return this.initiateCleanupOnce(record, 'write_error');
|
||||
}
|
||||
|
||||
// Establish piping now that we've flushed the buffered data
|
||||
setupPiping();
|
||||
});
|
||||
} else {
|
||||
// No pending data, just establish piping immediately
|
||||
setupPiping();
|
||||
}
|
||||
|
||||
// Clear the buffer now that we've processed it
|
||||
@ -859,6 +912,7 @@ export class PortProxy {
|
||||
record.pendingDataSize = 0;
|
||||
|
||||
// Add the renegotiation handler for SNI validation with strict domain enforcement
|
||||
// This will be called after we've established piping
|
||||
if (serverName) {
|
||||
// Define a handler for checking renegotiation with improved detection
|
||||
const renegotiationHandler = (renegChunk: Buffer) => {
|
||||
@ -895,8 +949,13 @@ export class PortProxy {
|
||||
// Store the handler in the connection record so we can remove it during cleanup
|
||||
record.renegotiationHandler = renegotiationHandler;
|
||||
|
||||
// Add the listener
|
||||
// The renegotiation handler is added when piping is established
|
||||
// Making it part of setupPiping ensures proper sequencing of event handlers
|
||||
socket.on('data', renegotiationHandler);
|
||||
|
||||
if (this.settings.enableDetailedLogging) {
|
||||
console.log(`[${connectionId}] TLS renegotiation handler installed for SNI domain: ${serverName}`);
|
||||
}
|
||||
}
|
||||
|
||||
// Set connection timeout with simpler logic
|
||||
@ -1056,13 +1115,16 @@ export class PortProxy {
|
||||
const bytesReceived = record.bytesReceived;
|
||||
const bytesSent = record.bytesSent;
|
||||
|
||||
// Remove the renegotiation handler if present
|
||||
if (record.renegotiationHandler && record.incoming) {
|
||||
// Remove all data handlers (both standard and renegotiation) to make sure we clean up properly
|
||||
if (record.incoming) {
|
||||
try {
|
||||
record.incoming.removeListener('data', record.renegotiationHandler);
|
||||
// Remove our safe data handler
|
||||
record.incoming.removeAllListeners('data');
|
||||
|
||||
// Reset the handler references
|
||||
record.renegotiationHandler = undefined;
|
||||
} catch (err) {
|
||||
console.log(`[${record.id}] Error removing renegotiation handler: ${err}`);
|
||||
console.log(`[${record.id}] Error removing data handlers: ${err}`);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -11,6 +11,8 @@ export class SniHandler {
|
||||
private static readonly TLS_SNI_EXTENSION_TYPE = 0x0000;
|
||||
private static readonly TLS_SESSION_TICKET_EXTENSION_TYPE = 0x0023;
|
||||
private static readonly TLS_SNI_HOST_NAME_TYPE = 0;
|
||||
private static readonly TLS_PSK_EXTENSION_TYPE = 0x0029; // Pre-Shared Key extension type for TLS 1.3
|
||||
private static readonly TLS_PSK_KE_MODES_EXTENSION_TYPE = 0x002D; // PSK Key Exchange Modes
|
||||
|
||||
/**
|
||||
* Checks if a buffer contains a TLS handshake message (record type 22)
|
||||
@ -178,6 +180,7 @@ export class SniHandler {
|
||||
|
||||
// Track if we found session tickets (for improved resumption handling)
|
||||
let hasSessionTicket = false;
|
||||
let hasPskExtension = false;
|
||||
|
||||
// Iterate through extensions
|
||||
while (pos + 4 <= extensionsEnd) {
|
||||
@ -275,15 +278,21 @@ export class SniHandler {
|
||||
log('Found session ticket extension');
|
||||
hasSessionTicket = true;
|
||||
pos += extensionLength; // Skip this extension
|
||||
} else if (extensionType === this.TLS_PSK_EXTENSION_TYPE) {
|
||||
// TLS 1.3 PSK extension - mark for resumption support
|
||||
log('Found PSK extension (TLS 1.3 resumption indicator)');
|
||||
hasPskExtension = true;
|
||||
// We'll skip the extension here and process it separately if needed
|
||||
pos += extensionLength;
|
||||
} else {
|
||||
// Skip this extension
|
||||
pos += extensionLength;
|
||||
}
|
||||
}
|
||||
|
||||
// Log if we found a session ticket but no SNI
|
||||
if (hasSessionTicket) {
|
||||
log('Session ticket present but no SNI found - possible resumption scenario');
|
||||
// Log if we found session resumption indicators but no SNI
|
||||
if (hasSessionTicket || hasPskExtension) {
|
||||
log('Session resumption indicators present but no SNI found');
|
||||
}
|
||||
|
||||
log('No SNI extension found in ClientHello');
|
||||
@ -294,12 +303,177 @@ export class SniHandler {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempts to extract SNI from the PSK extension in a TLS 1.3 ClientHello.
|
||||
*
|
||||
* In TLS 1.3, when a client attempts to resume a session, it may include
|
||||
* the server name in the PSK identity hint rather than in the SNI extension.
|
||||
*
|
||||
* @param buffer - The buffer containing the TLS ClientHello message
|
||||
* @param enableLogging - Whether to enable detailed debug logging
|
||||
* @returns The extracted server name or undefined if not found
|
||||
*/
|
||||
public static extractSNIFromPSKExtension(
|
||||
buffer: Buffer,
|
||||
enableLogging: boolean = false
|
||||
): string | undefined {
|
||||
const log = (message: string) => {
|
||||
if (enableLogging) {
|
||||
console.log(`[PSK-SNI Extraction] ${message}`);
|
||||
}
|
||||
};
|
||||
|
||||
try {
|
||||
// Ensure this is a ClientHello
|
||||
if (!this.isClientHello(buffer)) {
|
||||
log('Not a ClientHello message');
|
||||
return undefined;
|
||||
}
|
||||
|
||||
// Find the start position of extensions
|
||||
let pos = 5; // Start after record header
|
||||
|
||||
// Skip handshake type (1 byte)
|
||||
pos += 1;
|
||||
|
||||
// Skip handshake length (3 bytes)
|
||||
pos += 3;
|
||||
|
||||
// Skip client version (2 bytes)
|
||||
pos += 2;
|
||||
|
||||
// Skip client random (32 bytes)
|
||||
pos += 32;
|
||||
|
||||
// Skip session ID
|
||||
if (pos + 1 > buffer.length) return undefined;
|
||||
const sessionIdLength = buffer[pos];
|
||||
pos += 1 + sessionIdLength;
|
||||
|
||||
// Skip cipher suites
|
||||
if (pos + 2 > buffer.length) return undefined;
|
||||
const cipherSuitesLength = (buffer[pos] << 8) + buffer[pos + 1];
|
||||
pos += 2 + cipherSuitesLength;
|
||||
|
||||
// Skip compression methods
|
||||
if (pos + 1 > buffer.length) return undefined;
|
||||
const compressionMethodsLength = buffer[pos];
|
||||
pos += 1 + compressionMethodsLength;
|
||||
|
||||
// Check if we have extensions
|
||||
if (pos + 2 > buffer.length) {
|
||||
log('No extensions present');
|
||||
return undefined;
|
||||
}
|
||||
|
||||
// Get extensions length
|
||||
const extensionsLength = (buffer[pos] << 8) + buffer[pos + 1];
|
||||
pos += 2;
|
||||
|
||||
// Extensions end position
|
||||
const extensionsEnd = pos + extensionsLength;
|
||||
if (extensionsEnd > buffer.length) return undefined;
|
||||
|
||||
// Look for PSK extension
|
||||
while (pos + 4 <= extensionsEnd) {
|
||||
const extensionType = (buffer[pos] << 8) + buffer[pos + 1];
|
||||
pos += 2;
|
||||
|
||||
const extensionLength = (buffer[pos] << 8) + buffer[pos + 1];
|
||||
pos += 2;
|
||||
|
||||
if (extensionType === this.TLS_PSK_EXTENSION_TYPE) {
|
||||
log('Found PSK extension');
|
||||
|
||||
// PSK extension structure:
|
||||
// 2 bytes: identities list length
|
||||
if (pos + 2 > extensionsEnd) break;
|
||||
const identitiesLength = (buffer[pos] << 8) + buffer[pos + 1];
|
||||
pos += 2;
|
||||
|
||||
// End of identities list
|
||||
const identitiesEnd = pos + identitiesLength;
|
||||
if (identitiesEnd > extensionsEnd) break;
|
||||
|
||||
// Process each PSK identity
|
||||
while (pos + 2 <= identitiesEnd) {
|
||||
// Identity length (2 bytes)
|
||||
if (pos + 2 > identitiesEnd) break;
|
||||
const identityLength = (buffer[pos] << 8) + buffer[pos + 1];
|
||||
pos += 2;
|
||||
|
||||
if (pos + identityLength > identitiesEnd) break;
|
||||
|
||||
// Try to extract hostname from identity
|
||||
// Chrome often embeds the hostname in the PSK identity
|
||||
// This is a heuristic as there's no standard format
|
||||
if (identityLength > 0) {
|
||||
const identity = buffer.slice(pos, pos + identityLength);
|
||||
|
||||
// Skip identity bytes
|
||||
pos += identityLength;
|
||||
|
||||
// Skip obfuscated ticket age (4 bytes)
|
||||
pos += 4;
|
||||
|
||||
// Try to parse the identity as UTF-8
|
||||
try {
|
||||
const identityStr = identity.toString('utf8');
|
||||
log(`PSK identity: ${identityStr}`);
|
||||
|
||||
// Check if the identity contains hostname hints
|
||||
// Chrome often embeds the hostname in a known format
|
||||
// Try to extract using common patterns
|
||||
|
||||
// Pattern 1: Look for domain name pattern
|
||||
const domainPattern = /([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?/i;
|
||||
const domainMatch = identityStr.match(domainPattern);
|
||||
if (domainMatch && domainMatch[0]) {
|
||||
log(`Found domain in PSK identity: ${domainMatch[0]}`);
|
||||
return domainMatch[0];
|
||||
}
|
||||
|
||||
// Pattern 2: Chrome sometimes uses a specific format with delimiters
|
||||
// This is a heuristic approach since the format isn't standardized
|
||||
const parts = identityStr.split('|');
|
||||
if (parts.length > 1) {
|
||||
for (const part of parts) {
|
||||
if (part.includes('.') && !part.includes('/')) {
|
||||
const possibleDomain = part.trim();
|
||||
if (/^[a-z0-9.-]+$/i.test(possibleDomain)) {
|
||||
log(`Found possible domain in PSK delimiter format: ${possibleDomain}`);
|
||||
return possibleDomain;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
log('Failed to parse PSK identity as UTF-8');
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Skip this extension
|
||||
pos += extensionLength;
|
||||
}
|
||||
}
|
||||
|
||||
log('No hostname found in PSK extension');
|
||||
return undefined;
|
||||
} catch (error) {
|
||||
log(`Error parsing PSK: ${error instanceof Error ? error.message : String(error)}`);
|
||||
return undefined;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempts to extract SNI from an initial ClientHello packet and handles
|
||||
* session resumption edge cases more robustly than the standard extraction.
|
||||
*
|
||||
* This method is specifically designed for Chrome and other browsers that
|
||||
* may send different ClientHello formats during session resumption.
|
||||
* This method handles:
|
||||
* 1. Standard SNI extraction
|
||||
* 2. TLS 1.3 PSK-based resumption (Chrome, Firefox, etc.)
|
||||
* 3. Session ticket-based resumption
|
||||
*
|
||||
* @param buffer - The buffer containing the TLS ClientHello message
|
||||
* @param enableLogging - Whether to enable detailed debug logging
|
||||
@ -312,6 +486,9 @@ export class SniHandler {
|
||||
// First try the standard SNI extraction
|
||||
const standardSni = this.extractSNI(buffer, enableLogging);
|
||||
if (standardSni) {
|
||||
if (enableLogging) {
|
||||
console.log(`[SNI Extraction] Found standard SNI: ${standardSni}`);
|
||||
}
|
||||
return standardSni;
|
||||
}
|
||||
|
||||
@ -322,8 +499,19 @@ export class SniHandler {
|
||||
console.log('[SNI Extraction] Detected ClientHello without standard SNI, possible session resumption');
|
||||
}
|
||||
|
||||
// Additional handling could be implemented here for specific browser behaviors
|
||||
// For now, this is a placeholder for future improvements
|
||||
// Try to extract from PSK extension (TLS 1.3 resumption)
|
||||
const pskSni = this.extractSNIFromPSKExtension(buffer, enableLogging);
|
||||
if (pskSni) {
|
||||
if (enableLogging) {
|
||||
console.log(`[SNI Extraction] Extracted SNI from PSK extension: ${pskSni}`);
|
||||
}
|
||||
return pskSni;
|
||||
}
|
||||
|
||||
// Could add more browser-specific heuristics here if needed
|
||||
if (enableLogging) {
|
||||
console.log('[SNI Extraction] Failed to extract SNI from resumption mechanisms');
|
||||
}
|
||||
}
|
||||
|
||||
return undefined;
|
||||
|
||||
Reference in New Issue
Block a user