Enable SNI offload in HTTPS proxy connections

Updated the ReverseProxy's ProxyHTTPS method to use tls.Dial with SNI support when connecting to upstream servers. Also incremented SYSTEM_VERSION to 3.2.7.
2025-09-19 02:29:45 +02:00 · 2025-09-17 07:37:21 +08:00
parent d5a980094b
commit 52f652fbaf
2 changed files with 15 additions and 5 deletions
--- a/src/def.go
+++ b/src/def.go
@@ -44,7 +44,7 @@ import (
 const (
 	/* Build Constants */
 	SYSTEM_NAME       = "Zoraxy"
-	SYSTEM_VERSION    = "3.2.6"
+	SYSTEM_VERSION    = "3.2.7"
 	DEVELOPMENT_BUILD = false

 	/* System Constants */
--- a/src/mod/dynamicproxy/dpcore/dpcore.go
+++ b/src/mod/dynamicproxy/dpcore/dpcore.go
@@ -2,10 +2,10 @@ package dpcore

 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"io"
 	"log"
-	"net"
 	"net/http"
 	"net/url"
 	"strings"
@@ -391,7 +391,6 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr

 	return res.StatusCode, nil
 }
-
 func (p *ReverseProxy) ProxyHTTPS(rw http.ResponseWriter, req *http.Request) (int, error) {
 	hij, ok := rw.(http.Hijacker)
 	if !ok {
@@ -407,12 +406,23 @@ func (p *ReverseProxy) ProxyHTTPS(rw http.ResponseWriter, req *http.Request) (in
 		return http.StatusInternalServerError, err
 	}

-	proxyConn, err := net.Dial("tcp", req.URL.Host)
+	// Extract SNI/hostname for TLS handshake
+	host := req.URL.Host
+	if !strings.Contains(host, ":") {
+		host += ":443"
+	}
+	serverName := req.URL.Hostname()
+
+	// Connect with SNI offload
+	tlsConfig := &tls.Config{
+		ServerName: serverName,
+	}
+	proxyConn, err := tls.Dial("tcp", host, tlsConfig)
 	if err != nil {
 		if p.Verbal {
 			p.logf("http: proxy error: %v", err)
 		}
-
+		clientConn.Close()
 		return http.StatusInternalServerError, err
 	}