Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1611f65455 | |||
| c6350e271a | |||
| 0fb5e5ea50 | |||
| 35f6739b3c | |||
| 4634c68ea6 | |||
| e126032b61 |
19
changelog.md
19
changelog.md
@ -1,5 +1,24 @@
|
||||
# Changelog
|
||||
|
||||
## 2025-03-17 - 4.1.14 - fix(ConnectionHandler)
|
||||
Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.
|
||||
|
||||
- Replaced certificateExpiredAlert with serverNameUnknownAlertData for sending the appropriate alert.
|
||||
- Increased the cleanup delay from 1000ms to 5000ms to allow a more graceful termination.
|
||||
|
||||
## 2025-03-17 - 4.1.13 - fix(tls-handshake)
|
||||
Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.
|
||||
|
||||
- In the TLS handshake alert for certificate_expired (0x2F), changed the alert level from 0x02 (fatal) to 0x01 (warning).
|
||||
- This change avoids abrupt connection termination, enabling a smoother handling of certificate expiration alerts.
|
||||
|
||||
## 2025-03-17 - 4.1.12 - fix(classes.pp.connectionhandler)
|
||||
Replace unrecognized_name alert data with certificate_expired alert in TLS handshake handling for session resumption without SNI
|
||||
|
||||
- Switched the alert payload from serverNameUnknownAlertData to a new certificateExpiredAlert buffer
|
||||
- Now sends a fatal certificate_expired alert (code 47) instead of a warning unrecognized_name alert
|
||||
- Improves TLS error reporting and encourages immediate disconnection when a ClientHello lacks SNI and session tickets are disallowed
|
||||
|
||||
## 2025-03-17 - 4.1.11 - fix(connectionhandler)
|
||||
Increase delay before cleaning up connections when session resumption is blocked due to missing SNI, allowing more natural socket termination.
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@push.rocks/smartproxy",
|
||||
"version": "4.1.11",
|
||||
"version": "4.1.14",
|
||||
"private": false,
|
||||
"description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
|
||||
"main": "dist_ts/index.js",
|
||||
|
||||
@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@push.rocks/smartproxy',
|
||||
version: '4.1.11',
|
||||
version: '4.1.14',
|
||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
||||
}
|
||||
|
||||
@ -605,6 +605,16 @@ export class ConnectionHandler {
|
||||
0x00, // close_notify alert (0)
|
||||
]);
|
||||
|
||||
const certificateExpiredAlert = Buffer.from([
|
||||
0x15, // Alert record type
|
||||
0x03,
|
||||
0x03, // TLS 1.2 version
|
||||
0x00,
|
||||
0x02, // Length
|
||||
0x01, // Warning alert level (1)
|
||||
0x2F, // certificate_expired alert (47)
|
||||
]);
|
||||
|
||||
try {
|
||||
// Use cork/uncork to ensure the alert is sent as a single packet
|
||||
socket.cork();
|
||||
@ -620,7 +630,7 @@ export class ConnectionHandler {
|
||||
// Log the cleanup but wait for natural closure
|
||||
setTimeout(() => {
|
||||
this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
|
||||
}, 1000); // Longer delay to let socket cleanup happen naturally
|
||||
}, 5000); // Longer delay to let socket cleanup happen naturally
|
||||
};
|
||||
|
||||
if (writeSuccessful) {
|
||||
|
||||
Reference in New Issue
Block a user