From 52f652fbafeca4a548f60a354d80cd264ec78077 Mon Sep 17 00:00:00 2001
From: Toby Chui
Date: Wed, 17 Sep 2025 07:37:21 +0800
Subject: [PATCH] Enable SNI offload in HTTPS proxy connections

Updated the ReverseProxy's ProxyHTTPS method to use tls.Dial with SNI support when connecting to upstream servers. Also incremented SYSTEM_VERSION to 3.2.7.
---
 src/def.go | 2 +-
 src/mod/dynamicproxy/dpcore/dpcore.go | 18 ++++++++++++++----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/def.go b/src/def.go
index 35b58eb..99f3122 100644
--- a/src/def.go
+++ b/src/def.go
@@ -44,7 +44,7 @@ import (
 const (
 /* Build Constants */
 SYSTEM_NAME = "Zoraxy"
- SYSTEM_VERSION = "3.2.6"
+ SYSTEM_VERSION = "3.2.7"
 DEVELOPMENT_BUILD = false
 
 /* System Constants */
diff --git a/src/mod/dynamicproxy/dpcore/dpcore.go b/src/mod/dynamicproxy/dpcore/dpcore.go
index 23f1034..bc2cc54 100644
--- a/src/mod/dynamicproxy/dpcore/dpcore.go
+++ b/src/mod/dynamicproxy/dpcore/dpcore.go
@@ -2,10 +2,10 @@ package dpcore
 
 import (
 "context"
+ "crypto/tls"
 "errors"
 "io"
 "log"
- "net"
 "net/http"
 "net/url"
 "strings"
@@ -391,7 +391,6 @@ func (p *ReverseProxy) ProxyHTTP(rw http.ResponseWriter, req *http.Request, rrr
 return res.StatusCode, nil
 }
 
-
 func (p *ReverseProxy) ProxyHTTPS(rw http.ResponseWriter, req *http.Request) (int, error) {
 hij, ok := rw.(http.Hijacker)
 if !ok {
@@ -407,12 +406,23 @@ func (p *ReverseProxy) ProxyHTTPS(rw http.ResponseWriter, req *http.Request) (in
 return http.StatusInternalServerError, err
 }
 
- proxyConn, err := net.Dial("tcp", req.URL.Host)
+ // Extract SNI/hostname for TLS handshake
+ host := req.URL.Host
+ if !strings.Contains(host, ":") {
+ host += ":443"
+ }
+ serverName := req.URL.Hostname()
+
+ // Connect with SNI offload
+ tlsConfig := &tls.Config{
+ ServerName: serverName,
+ }
+ proxyConn, err := tls.Dial("tcp", host, tlsConfig)
 if err != nil {
 if p.Verbal {
 p.logf("http: proxy error: %v", err)
 }
-
+
 clientConn.Close()
 return http.StatusInternalServerError, err
 }
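Review bot: In the ProxyHTTPS hunk of dpcore.go, the port check `strings.Contains(host, ":")` treats a bracketed IPv6 literal without a port (`[::1]`) as already having one, so `:443` is never appended and `tls.Dial` fails on the address; `if req.URL.Port() == "" { host = net.JoinHostPort(req.URL.Hostname(), "443") }` handles both forms, at the cost of keeping the `net` import this commit removes. `tls.Dial` also sets no deadline, so a peer that stalls during connect or handshake keeps the hijacked client connection open; `tls.DialWithDialer(&net.Dialer{Timeout: dialTimeout}, "tcp", host, tlsConfig)` bounds both, with `dialTimeout` standing in for whatever limit the project chooses. The dial target and `ServerName` are both taken from the request URL, so the default certificate verification kept here authenticates only the host the request names; a comment such as `// ServerName comes from the request URL; certificate verification stays on` would make that explicit. ProxyHTTPS begins and ends outside the hunk, so whether the remaining code still expects a plain TCP stream from `proxyConn` cannot be checked from here.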