Update to the latest read-tls-client-hello

Author: pimterry

package-lock.json

@@ -40,7 +40,7 @@
     "dns-packet": "^5.6.1",
     "lodash": "^4.17.23",
     "parse-multipart-data": "^1.5.0",
-    "read-tls-client-hello": "^1.1.0",
+    "read-tls-client-hello": "^2.0.0",
     "tsx": "^4.19.3",
     "ws": "^8.19.0"
   },

package.json

@@ -1,6 +1,7 @@
 import * as http from 'http';
 import * as http2 from 'http2';
 import { MaybePromise, StatusError } from '@httptoolkit/util';
+import { getExtensionData } from 'read-tls-client-hello';
 
 import { httpEndpoints, tlsEndpoints } from './endpoints/endpoint-index.js';
 import { HttpRequest, HttpResponse } from './endpoints/http-index.js';
@@ -75,7 +76,11 @@ function createHttpRequestHandler(options: {
             const authority = req.headers[':authority']?.toString();
             if (authority) {
                 const hostWithoutPort = authority.replace(/:\d+$/, '').toLowerCase();
-                const sni = socket.stream?.[TLS_CLIENT_HELLO]?.serverName?.toLowerCase();
+                const tlsClientHello = socket.stream?.[TLS_CLIENT_HELLO];
+                const sni = (tlsClientHello
+                    ? getExtensionData(tlsClientHello, 'sni')?.serverName
+                    : undefined
+                )?.toLowerCase();
 
                 if (sni && sni !== hostWithoutPort) {
                     res.writeHead(421, { 'content-type': 'text/plain' });

src/http-handler.ts

@@ -2,8 +2,8 @@ import * as net from 'net';
 
 import {
     readTlsClientHello,
-    calculateJa3FromFingerprintData,
-    calculateJa4FromHelloData,
+    calculateJa3,
+    calculateJa4,
 } from 'read-tls-client-hello';
 
 import { createHttp1Handler, createHttp2Handler } from './http-handler.js';
@@ -176,8 +176,8 @@ const createTcpHandler = async (options: ServerOptions = {}) => {
                 const helloData = await readTlsClientHello(conn);
                 conn[TLS_CLIENT_HELLO] = {
                     ...helloData,
-                    ja3: calculateJa3FromFingerprintData(helloData.fingerprintData),
-                    ja4: calculateJa4FromHelloData(helloData)
+                    ja3: calculateJa3(helloData),
+                    ja4: calculateJa4(helloData)
                 };
             } catch (e) {
                 // Non-TLS traffic or malformed client hello - continue without fingerprint

src/server.ts

@@ -1,8 +1,8 @@
-import type { TlsHelloData } from 'read-tls-client-hello';
+import type { TlsClientHelloMessage } from 'read-tls-client-hello';
 
 export const TLS_CLIENT_HELLO: unique symbol = Symbol('tlsClientHello');
 
-export interface TlsClientHelloData extends TlsHelloData {
+export interface TlsClientHelloData extends TlsClientHelloMessage {
     ja3: string;
     ja4: string;
 }

src/tls-client-hello.ts

@@ -3,12 +3,14 @@ import * as crypto from 'node:crypto';
 import * as stream from 'stream';
 import { EventEmitter } from 'events';
 
+import { ErrorLike } from '@httptoolkit/util';
+import { getExtensionData } from 'read-tls-client-hello';
+
 import { ConnectionProcessor } from './process-connection.js';
 import { LocalCA } from './tls-certificates/local-ca.js';
 import { CertOptions, calculateCertCacheKey } from './tls-certificates/cert-definitions.js';
 import { SecureContextCache } from './tls-certificates/secure-context-cache.js';
 import { tlsEndpoints } from './endpoints/endpoint-index.js';
-import { ErrorLike } from '@httptoolkit/util';
 import { PROXY_PROTOCOL } from './proxy-protocol.js';
 import { TLS_CLIENT_HELLO } from './tls-client-hello.js';
 
@@ -137,7 +139,10 @@ class TlsConnectionHandler {
 
     async handleConnection(rawSocket: stream.Duplex) {
         try {
-            const serverName = rawSocket[TLS_CLIENT_HELLO]?.serverName;
+            const tlsClientHello = rawSocket[TLS_CLIENT_HELLO];
+            const serverName = tlsClientHello
+                ? getExtensionData(tlsClientHello, 'sni')?.serverName
+                : undefined;
             const domain = serverName || this.tlsConfig.rootDomain;
 
             const serverNameParts = getSNIPrefixParts(domain, this.tlsConfig.rootDomain);
@@ -185,8 +190,9 @@ class TlsConnectionHandler {
                 : DEFAULT_ALPN_PROTOCOLS;
 
             // Check if client requested OCSP stapling (extension 5 = status_request)
-            const clientExtensions = rawSocket[TLS_CLIENT_HELLO]?.fingerprintData?.[2];
-            const clientRequestedOCSP = clientExtensions?.includes(5) ?? false;
+            const clientRequestedOCSP = tlsClientHello
+                ? !!getExtensionData(tlsClientHello, 'status_request')
+                : false;
 
             const tlsSocket = new tls.TLSSocket(rawSocket, {
                 isServer: true,