4.1.15

changelog.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 2025-03-17 - 4.1.15 - fix(connectionhandler)
+Delay socket termination in TLS session resumption handling to allow proper alert processing
+
+- Removed the immediate socket.end() call in finishConnection and moved it inside the setTimeout, ensuring that clients (especially Chrome) have additional time to process the TLS alert before connection termination
+- This prevents premature socket closure on ClientHello without SNI when session tickets are disallowed
+
+## 2025-03-17 - 4.1.14 - fix(ConnectionHandler)
+Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.
+
+- Replaced certificateExpiredAlert with serverNameUnknownAlertData for sending the appropriate alert.
+- Increased the cleanup delay from 1000ms to 5000ms to allow a more graceful termination.
+
+## 2025-03-17 - 4.1.13 - fix(tls-handshake)
+Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.
+
+- In the TLS handshake alert for certificate_expired (0x2F), changed the alert level from 0x02 (fatal) to 0x01 (warning).
+- This change avoids abrupt connection termination, enabling a smoother handling of certificate expiration alerts.
+
 ## 2025-03-17 - 4.1.12 - fix(classes.pp.connectionhandler)
 Replace unrecognized_name alert data with certificate_expired alert in TLS handshake handling for session resumption without SNI
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartproxy",
-  "version": "4.1.12",
+  "version": "4.1.15",
   "private": false,
   "description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
   "main": "dist_ts/index.js",

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '4.1.12',
+  version: '4.1.15',
   description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }

ts/classes.pp.connectionhandler.ts

@@ -611,26 +611,26 @@ export class ConnectionHandler {
               0x03, // TLS 1.2 version
               0x00,
               0x02, // Length
-              0x02, // Fatal alert level (2)
+              0x01, // Warning alert level (1)
               0x2F, // certificate_expired alert (47)
             ]);
 
             try {
               // Use cork/uncork to ensure the alert is sent as a single packet
               socket.cork();
-              const writeSuccessful = socket.write(certificateExpiredAlert);
+              const writeSuccessful = socket.write(serverNameUnknownAlertData);
               socket.uncork();
               
               // Function to handle the clean socket termination - but more gradually
               const finishConnection = () => {
                 // Give Chrome more time to process the alert before closing
                 // We won't call destroy() at all - just end() and let the socket close naturally
-                socket.end();
                 
                 // Log the cleanup but wait for natural closure
                 setTimeout(() => {
+                  socket.end();
                   this.connectionManager.cleanupConnection(record, 'session_ticket_blocked_no_sni');
-                }, 1000); // Longer delay to let socket cleanup happen naturally
+                }, 5000); // Longer delay to let socket cleanup happen naturally
               };
               
               if (writeSuccessful) {