@push.rocks/smartproxy 21.0.0 → 21.1.1

package/dist_ts/protocols/tls/alerts/tls-alert.d.ts

@@ -0,0 +1,150 @@
+import * as plugins from '../../../plugins.js';
+import { TlsAlertLevel, TlsAlertDescription } from '../utils/tls-utils.js';
+/**
+ * TlsAlert class for creating and sending TLS alert messages
+ */
+export declare class TlsAlert {
+    static readonly LEVEL_WARNING = TlsAlertLevel.WARNING;
+    static readonly LEVEL_FATAL = TlsAlertLevel.FATAL;
+    static readonly CLOSE_NOTIFY = TlsAlertDescription.CLOSE_NOTIFY;
+    static readonly UNEXPECTED_MESSAGE = TlsAlertDescription.UNEXPECTED_MESSAGE;
+    static readonly BAD_RECORD_MAC = TlsAlertDescription.BAD_RECORD_MAC;
+    static readonly DECRYPTION_FAILED = TlsAlertDescription.DECRYPTION_FAILED;
+    static readonly RECORD_OVERFLOW = TlsAlertDescription.RECORD_OVERFLOW;
+    static readonly DECOMPRESSION_FAILURE = TlsAlertDescription.DECOMPRESSION_FAILURE;
+    static readonly HANDSHAKE_FAILURE = TlsAlertDescription.HANDSHAKE_FAILURE;
+    static readonly NO_CERTIFICATE = TlsAlertDescription.NO_CERTIFICATE;
+    static readonly BAD_CERTIFICATE = TlsAlertDescription.BAD_CERTIFICATE;
+    static readonly UNSUPPORTED_CERTIFICATE = TlsAlertDescription.UNSUPPORTED_CERTIFICATE;
+    static readonly CERTIFICATE_REVOKED = TlsAlertDescription.CERTIFICATE_REVOKED;
+    static readonly CERTIFICATE_EXPIRED = TlsAlertDescription.CERTIFICATE_EXPIRED;
+    static readonly CERTIFICATE_UNKNOWN = TlsAlertDescription.CERTIFICATE_UNKNOWN;
+    static readonly ILLEGAL_PARAMETER = TlsAlertDescription.ILLEGAL_PARAMETER;
+    static readonly UNKNOWN_CA = TlsAlertDescription.UNKNOWN_CA;
+    static readonly ACCESS_DENIED = TlsAlertDescription.ACCESS_DENIED;
+    static readonly DECODE_ERROR = TlsAlertDescription.DECODE_ERROR;
+    static readonly DECRYPT_ERROR = TlsAlertDescription.DECRYPT_ERROR;
+    static readonly EXPORT_RESTRICTION = TlsAlertDescription.EXPORT_RESTRICTION;
+    static readonly PROTOCOL_VERSION = TlsAlertDescription.PROTOCOL_VERSION;
+    static readonly INSUFFICIENT_SECURITY = TlsAlertDescription.INSUFFICIENT_SECURITY;
+    static readonly INTERNAL_ERROR = TlsAlertDescription.INTERNAL_ERROR;
+    static readonly INAPPROPRIATE_FALLBACK = TlsAlertDescription.INAPPROPRIATE_FALLBACK;
+    static readonly USER_CANCELED = TlsAlertDescription.USER_CANCELED;
+    static readonly NO_RENEGOTIATION = TlsAlertDescription.NO_RENEGOTIATION;
+    static readonly MISSING_EXTENSION = TlsAlertDescription.MISSING_EXTENSION;
+    static readonly UNSUPPORTED_EXTENSION = TlsAlertDescription.UNSUPPORTED_EXTENSION;
+    static readonly CERTIFICATE_REQUIRED = TlsAlertDescription.CERTIFICATE_REQUIRED;
+    static readonly UNRECOGNIZED_NAME = TlsAlertDescription.UNRECOGNIZED_NAME;
+    static readonly BAD_CERTIFICATE_STATUS_RESPONSE = TlsAlertDescription.BAD_CERTIFICATE_STATUS_RESPONSE;
+    static readonly BAD_CERTIFICATE_HASH_VALUE = TlsAlertDescription.BAD_CERTIFICATE_HASH_VALUE;
+    static readonly UNKNOWN_PSK_IDENTITY = TlsAlertDescription.UNKNOWN_PSK_IDENTITY;
+    static readonly CERTIFICATE_REQUIRED_1_3 = TlsAlertDescription.CERTIFICATE_REQUIRED_1_3;
+    static readonly NO_APPLICATION_PROTOCOL = TlsAlertDescription.NO_APPLICATION_PROTOCOL;
+    /**
+     * Create a TLS alert buffer with the specified level and description code
+     *
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
+     * @returns Buffer containing the TLS alert message
+     */
+    static create(level: number, description: number, tlsVersion?: [number, number]): Buffer;
+    /**
+     * Create a warning-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the warning-level TLS alert message
+     */
+    static createWarning(description: number): Buffer;
+    /**
+     * Create a fatal-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the fatal-level TLS alert message
+     */
+    static createFatal(description: number): Buffer;
+    /**
+     * Send a TLS alert to a socket and optionally close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param closeAfterSend Whether to close the connection after sending the alert
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static send(socket: plugins.net.Socket, level: number, description: number, closeAfterSend?: boolean, closeDelay?: number): Promise<void>;
+    /**
+     * Pre-defined TLS alert messages
+     */
+    static readonly alerts: {
+        closeNotify: Buffer<ArrayBufferLike>;
+        unsupportedExtension: Buffer<ArrayBufferLike>;
+        certificateRequired: Buffer<ArrayBufferLike>;
+        unrecognizedName: Buffer<ArrayBufferLike>;
+        noRenegotiation: Buffer<ArrayBufferLike>;
+        userCanceled: Buffer<ArrayBufferLike>;
+        certificateExpiredWarning: Buffer<ArrayBufferLike>;
+        handshakeFailureWarning: Buffer<ArrayBufferLike>;
+        insufficientSecurityWarning: Buffer<ArrayBufferLike>;
+        unexpectedMessage: Buffer<ArrayBufferLike>;
+        badRecordMac: Buffer<ArrayBufferLike>;
+        recordOverflow: Buffer<ArrayBufferLike>;
+        handshakeFailure: Buffer<ArrayBufferLike>;
+        badCertificate: Buffer<ArrayBufferLike>;
+        certificateExpired: Buffer<ArrayBufferLike>;
+        certificateUnknown: Buffer<ArrayBufferLike>;
+        illegalParameter: Buffer<ArrayBufferLike>;
+        unknownCA: Buffer<ArrayBufferLike>;
+        accessDenied: Buffer<ArrayBufferLike>;
+        decodeError: Buffer<ArrayBufferLike>;
+        decryptError: Buffer<ArrayBufferLike>;
+        protocolVersion: Buffer<ArrayBufferLike>;
+        insufficientSecurity: Buffer<ArrayBufferLike>;
+        internalError: Buffer<ArrayBufferLike>;
+        unrecognizedNameFatal: Buffer<ArrayBufferLike>;
+    };
+    /**
+     * Utility method to send a warning-level unrecognized_name alert
+     * Specifically designed for SNI issues to encourage the client to retry with SNI
+     *
+     * @param socket The socket to send the alert to
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static sendSniRequired(socket: plugins.net.Socket): Promise<void>;
+    /**
+     * Utility method to send a close_notify alert and close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static sendCloseNotify(socket: plugins.net.Socket, closeDelay?: number): Promise<void>;
+    /**
+     * Utility method to send a certificate_expired alert to force new TLS session
+     *
+     * @param socket The socket to send the alert to
+     * @param fatal Whether to send as a fatal alert (default: false)
+     * @param closeAfterSend Whether to close the connection after sending the alert (default: true)
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static sendCertificateExpired(socket: plugins.net.Socket, fatal?: boolean, closeAfterSend?: boolean, closeDelay?: number): Promise<void>;
+    /**
+     * Send a sequence of alerts to force SNI from clients
+     * This combines multiple alerts to ensure maximum browser compatibility
+     *
+     * @param socket The socket to send the alerts to
+     * @returns Promise that resolves when all alerts have been sent
+     */
+    static sendForceSniSequence(socket: plugins.net.Socket): Promise<void>;
+    /**
+     * Send a fatal level alert that immediately terminates the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param description Alert description code
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 100ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static sendFatalAndClose(socket: plugins.net.Socket, description: number, closeDelay?: number): Promise<void>;
+}

package/dist_ts/protocols/tls/alerts/tls-alert.js

@@ -0,0 +1,226 @@
+import * as plugins from '../../../plugins.js';
+import { TlsAlertLevel, TlsAlertDescription, TlsVersion } from '../utils/tls-utils.js';
+/**
+ * TlsAlert class for creating and sending TLS alert messages
+ */
+export class TlsAlert {
+    // Use enum values from TlsAlertLevel
+    static { this.LEVEL_WARNING = TlsAlertLevel.WARNING; }
+    static { this.LEVEL_FATAL = TlsAlertLevel.FATAL; }
+    // Use enum values from TlsAlertDescription
+    static { this.CLOSE_NOTIFY = TlsAlertDescription.CLOSE_NOTIFY; }
+    static { this.UNEXPECTED_MESSAGE = TlsAlertDescription.UNEXPECTED_MESSAGE; }
+    static { this.BAD_RECORD_MAC = TlsAlertDescription.BAD_RECORD_MAC; }
+    static { this.DECRYPTION_FAILED = TlsAlertDescription.DECRYPTION_FAILED; }
+    static { this.RECORD_OVERFLOW = TlsAlertDescription.RECORD_OVERFLOW; }
+    static { this.DECOMPRESSION_FAILURE = TlsAlertDescription.DECOMPRESSION_FAILURE; }
+    static { this.HANDSHAKE_FAILURE = TlsAlertDescription.HANDSHAKE_FAILURE; }
+    static { this.NO_CERTIFICATE = TlsAlertDescription.NO_CERTIFICATE; }
+    static { this.BAD_CERTIFICATE = TlsAlertDescription.BAD_CERTIFICATE; }
+    static { this.UNSUPPORTED_CERTIFICATE = TlsAlertDescription.UNSUPPORTED_CERTIFICATE; }
+    static { this.CERTIFICATE_REVOKED = TlsAlertDescription.CERTIFICATE_REVOKED; }
+    static { this.CERTIFICATE_EXPIRED = TlsAlertDescription.CERTIFICATE_EXPIRED; }
+    static { this.CERTIFICATE_UNKNOWN = TlsAlertDescription.CERTIFICATE_UNKNOWN; }
+    static { this.ILLEGAL_PARAMETER = TlsAlertDescription.ILLEGAL_PARAMETER; }
+    static { this.UNKNOWN_CA = TlsAlertDescription.UNKNOWN_CA; }
+    static { this.ACCESS_DENIED = TlsAlertDescription.ACCESS_DENIED; }
+    static { this.DECODE_ERROR = TlsAlertDescription.DECODE_ERROR; }
+    static { this.DECRYPT_ERROR = TlsAlertDescription.DECRYPT_ERROR; }
+    static { this.EXPORT_RESTRICTION = TlsAlertDescription.EXPORT_RESTRICTION; }
+    static { this.PROTOCOL_VERSION = TlsAlertDescription.PROTOCOL_VERSION; }
+    static { this.INSUFFICIENT_SECURITY = TlsAlertDescription.INSUFFICIENT_SECURITY; }
+    static { this.INTERNAL_ERROR = TlsAlertDescription.INTERNAL_ERROR; }
+    static { this.INAPPROPRIATE_FALLBACK = TlsAlertDescription.INAPPROPRIATE_FALLBACK; }
+    static { this.USER_CANCELED = TlsAlertDescription.USER_CANCELED; }
+    static { this.NO_RENEGOTIATION = TlsAlertDescription.NO_RENEGOTIATION; }
+    static { this.MISSING_EXTENSION = TlsAlertDescription.MISSING_EXTENSION; }
+    static { this.UNSUPPORTED_EXTENSION = TlsAlertDescription.UNSUPPORTED_EXTENSION; }
+    static { this.CERTIFICATE_REQUIRED = TlsAlertDescription.CERTIFICATE_REQUIRED; }
+    static { this.UNRECOGNIZED_NAME = TlsAlertDescription.UNRECOGNIZED_NAME; }
+    static { this.BAD_CERTIFICATE_STATUS_RESPONSE = TlsAlertDescription.BAD_CERTIFICATE_STATUS_RESPONSE; }
+    static { this.BAD_CERTIFICATE_HASH_VALUE = TlsAlertDescription.BAD_CERTIFICATE_HASH_VALUE; }
+    static { this.UNKNOWN_PSK_IDENTITY = TlsAlertDescription.UNKNOWN_PSK_IDENTITY; }
+    static { this.CERTIFICATE_REQUIRED_1_3 = TlsAlertDescription.CERTIFICATE_REQUIRED_1_3; }
+    static { this.NO_APPLICATION_PROTOCOL = TlsAlertDescription.NO_APPLICATION_PROTOCOL; }
+    /**
+     * Create a TLS alert buffer with the specified level and description code
+     *
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
+     * @returns Buffer containing the TLS alert message
+     */
+    static create(level, description, tlsVersion = [TlsVersion.TLS1_2[0], TlsVersion.TLS1_2[1]]) {
+        return Buffer.from([
+            0x15, // Alert record type
+            tlsVersion[0],
+            tlsVersion[1], // TLS version (default to TLS 1.2: 0x0303)
+            0x00,
+            0x02, // Length
+            level, // Alert level
+            description, // Alert description
+        ]);
+    }
+    /**
+     * Create a warning-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the warning-level TLS alert message
+     */
+    static createWarning(description) {
+        return this.create(this.LEVEL_WARNING, description);
+    }
+    /**
+     * Create a fatal-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the fatal-level TLS alert message
+     */
+    static createFatal(description) {
+        return this.create(this.LEVEL_FATAL, description);
+    }
+    /**
+     * Send a TLS alert to a socket and optionally close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param closeAfterSend Whether to close the connection after sending the alert
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static async send(socket, level, description, closeAfterSend = false, closeDelay = 200) {
+        const alert = this.create(level, description);
+        return new Promise((resolve, reject) => {
+            try {
+                // Ensure the alert is written as a single packet
+                socket.cork();
+                const writeSuccessful = socket.write(alert, (err) => {
+                    if (err) {
+                        reject(err);
+                        return;
+                    }
+                    if (closeAfterSend) {
+                        setTimeout(() => {
+                            socket.end();
+                            resolve();
+                        }, closeDelay);
+                    }
+                    else {
+                        resolve();
+                    }
+                });
+                socket.uncork();
+                // If write wasn't successful immediately, wait for drain
+                if (!writeSuccessful && !closeAfterSend) {
+                    socket.once('drain', () => {
+                        resolve();
+                    });
+                }
+            }
+            catch (err) {
+                reject(err);
+            }
+        });
+    }
+    /**
+     * Pre-defined TLS alert messages
+     */
+    static { this.alerts = {
+        // Warning level alerts
+        closeNotify: TlsAlert.createWarning(TlsAlert.CLOSE_NOTIFY),
+        unsupportedExtension: TlsAlert.createWarning(TlsAlert.UNSUPPORTED_EXTENSION),
+        certificateRequired: TlsAlert.createWarning(TlsAlert.CERTIFICATE_REQUIRED),
+        unrecognizedName: TlsAlert.createWarning(TlsAlert.UNRECOGNIZED_NAME),
+        noRenegotiation: TlsAlert.createWarning(TlsAlert.NO_RENEGOTIATION),
+        userCanceled: TlsAlert.createWarning(TlsAlert.USER_CANCELED),
+        // Warning level alerts for session resumption
+        certificateExpiredWarning: TlsAlert.createWarning(TlsAlert.CERTIFICATE_EXPIRED),
+        handshakeFailureWarning: TlsAlert.createWarning(TlsAlert.HANDSHAKE_FAILURE),
+        insufficientSecurityWarning: TlsAlert.createWarning(TlsAlert.INSUFFICIENT_SECURITY),
+        // Fatal level alerts
+        unexpectedMessage: TlsAlert.createFatal(TlsAlert.UNEXPECTED_MESSAGE),
+        badRecordMac: TlsAlert.createFatal(TlsAlert.BAD_RECORD_MAC),
+        recordOverflow: TlsAlert.createFatal(TlsAlert.RECORD_OVERFLOW),
+        handshakeFailure: TlsAlert.createFatal(TlsAlert.HANDSHAKE_FAILURE),
+        badCertificate: TlsAlert.createFatal(TlsAlert.BAD_CERTIFICATE),
+        certificateExpired: TlsAlert.createFatal(TlsAlert.CERTIFICATE_EXPIRED),
+        certificateUnknown: TlsAlert.createFatal(TlsAlert.CERTIFICATE_UNKNOWN),
+        illegalParameter: TlsAlert.createFatal(TlsAlert.ILLEGAL_PARAMETER),
+        unknownCA: TlsAlert.createFatal(TlsAlert.UNKNOWN_CA),
+        accessDenied: TlsAlert.createFatal(TlsAlert.ACCESS_DENIED),
+        decodeError: TlsAlert.createFatal(TlsAlert.DECODE_ERROR),
+        decryptError: TlsAlert.createFatal(TlsAlert.DECRYPT_ERROR),
+        protocolVersion: TlsAlert.createFatal(TlsAlert.PROTOCOL_VERSION),
+        insufficientSecurity: TlsAlert.createFatal(TlsAlert.INSUFFICIENT_SECURITY),
+        internalError: TlsAlert.createFatal(TlsAlert.INTERNAL_ERROR),
+        unrecognizedNameFatal: TlsAlert.createFatal(TlsAlert.UNRECOGNIZED_NAME),
+    }; }
+    /**
+     * Utility method to send a warning-level unrecognized_name alert
+     * Specifically designed for SNI issues to encourage the client to retry with SNI
+     *
+     * @param socket The socket to send the alert to
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static async sendSniRequired(socket) {
+        return this.send(socket, this.LEVEL_WARNING, this.UNRECOGNIZED_NAME);
+    }
+    /**
+     * Utility method to send a close_notify alert and close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static async sendCloseNotify(socket, closeDelay = 200) {
+        return this.send(socket, this.LEVEL_WARNING, this.CLOSE_NOTIFY, true, closeDelay);
+    }
+    /**
+     * Utility method to send a certificate_expired alert to force new TLS session
+     *
+     * @param socket The socket to send the alert to
+     * @param fatal Whether to send as a fatal alert (default: false)
+     * @param closeAfterSend Whether to close the connection after sending the alert (default: true)
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static async sendCertificateExpired(socket, fatal = false, closeAfterSend = true, closeDelay = 200) {
+        const level = fatal ? this.LEVEL_FATAL : this.LEVEL_WARNING;
+        return this.send(socket, level, this.CERTIFICATE_EXPIRED, closeAfterSend, closeDelay);
+    }
+    /**
+     * Send a sequence of alerts to force SNI from clients
+     * This combines multiple alerts to ensure maximum browser compatibility
+     *
+     * @param socket The socket to send the alerts to
+     * @returns Promise that resolves when all alerts have been sent
+     */
+    static async sendForceSniSequence(socket) {
+        try {
+            // Send unrecognized_name (warning)
+            socket.cork();
+            socket.write(this.alerts.unrecognizedName);
+            socket.uncork();
+            // Give the socket time to send the alert
+            return new Promise((resolve) => {
+                setTimeout(resolve, 50);
+            });
+        }
+        catch (err) {
+            return Promise.reject(err);
+        }
+    }
+    /**
+     * Send a fatal level alert that immediately terminates the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param description Alert description code
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 100ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static async sendFatalAndClose(socket, description, closeDelay = 100) {
+        return this.send(socket, this.LEVEL_FATAL, description, true, closeDelay);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGxzLWFsZXJ0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHMvcHJvdG9jb2xzL3Rscy9hbGVydHMvdGxzLWFsZXJ0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0scUJBQXFCLENBQUM7QUFDL0MsT0FBTyxFQUFFLGFBQWEsRUFBRSxtQkFBbUIsRUFBRSxVQUFVLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUV2Rjs7R0FFRztBQUNILE1BQU0sT0FBTyxRQUFRO0lBQ25CLHFDQUFxQzthQUNyQixrQkFBYSxHQUFHLGFBQWEsQ0FBQyxPQUFPLENBQUM7YUFDdEMsZ0JBQVcsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDO0lBRWxELDJDQUEyQzthQUMzQixpQkFBWSxHQUFHLG1CQUFtQixDQUFDLFlBQVksQ0FBQzthQUNoRCx1QkFBa0IsR0FBRyxtQkFBbUIsQ0FBQyxrQkFBa0IsQ0FBQzthQUM1RCxtQkFBYyxHQUFHLG1CQUFtQixDQUFDLGNBQWMsQ0FBQzthQUNwRCxzQkFBaUIsR0FBRyxtQkFBbUIsQ0FBQyxpQkFBaUIsQ0FBQzthQUMxRCxvQkFBZSxHQUFHLG1CQUFtQixDQUFDLGVBQWUsQ0FBQzthQUN0RCwwQkFBcUIsR0FBRyxtQkFBbUIsQ0FBQyxxQkFBcUIsQ0FBQzthQUNsRSxzQkFBaUIsR0FBRyxtQkFBbUIsQ0FBQyxpQkFBaUIsQ0FBQzthQUMxRCxtQkFBYyxHQUFHLG1CQUFtQixDQUFDLGNBQWMsQ0FBQzthQUNwRCxvQkFBZSxHQUFHLG1CQUFtQixDQUFDLGVBQWUsQ0FBQzthQUN0RCw0QkFBdUIsR0FBRyxtQkFBbUIsQ0FBQyx1QkFBdUIsQ0FBQzthQUN0RSx3QkFBbUIsR0FBRyxtQkFBbUIsQ0FBQyxtQkFBbUIsQ0FBQzthQUM5RCx3QkFBbUIsR0FBRyxtQkFBbUIsQ0FBQyxtQkFBbUIsQ0FBQzthQUM5RCx3QkFBbUIsR0FBRyxtQkFBbUIsQ0FBQyxtQkFBbUIsQ0FBQzthQUM5RCxzQkFBaUIsR0FBRyxtQkFBbUIsQ0FBQyxpQkFBaUIsQ0FBQzthQUMxRCxlQUFVLEdBQUcsbUJBQW1CLENBQUMsVUFBVSxDQUFDO2FBQzVDLGtCQUFhLEdBQUcsbUJBQW1CLENBQUMsYUFBYSxDQUFDO2FBQ2xELGlCQUFZLEdBQUcsbUJBQW1CLENBQUMsWUFBWSxDQUFDO2FBQ2hELGtCQUFhLEdBQUcsbUJBQW1CLENBQUMsYUFBYSxDQUFDO2FBQ2xELHVCQUFrQixHQUFHLG1CQUFtQixDQUFDLGtCQUFrQixDQUFDO2FBQzVELHFCQUFnQixHQUFHLG1CQUFtQixDQUFDLGdCQUFnQixDQUFDO2FBQ3hELDBCQUFxQixHQUFHLG1CQUFtQixDQUFDLHFCQUFxQixDQUFDO2FBQ2xFLG1CQUFjLEdBQUcsbUJBQW1CLENBQUMsY0FBYyxDQUFDO2FBQ3BELDJCQUFzQixHQUFHLG1CQUFtQixDQUFDLHNCQUFzQixDQUFDO2FBQ3BFLGtCQUFhLEdBQUcsbUJBQW1CLENBQUMsYUFBYSxDQUFDO2FBQ2xELHFCQUFnQixHQUFHLG1CQUFtQixDQUFDLGdCQUFnQixDQUFDO2FBQ3hELHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELDBCQUFxQixHQUFHLG1CQUFtQixDQUFDLHFCQUFxQixDQUFDO2FBQ2xFLHlCQUFvQixHQUFHLG1CQUFtQixDQUFDLG9CQUFvQixDQUFDO2FBQ2hFLHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELG9DQUErQixHQUFHLG1CQUFtQixDQUFDLCtCQUErQixDQUFDO2FBQ3RGLCtCQUEwQixHQUFHLG1CQUFtQixDQUFDLDBCQUEwQixDQUFDO2FBQzVFLHlCQUFvQixHQUFHLG1CQUFtQixDQUFDLG9CQUFvQixDQUFDO2FBQ2hFLDZCQUF3QixHQUFHLG1CQUFtQixDQUFDLHdCQUF3QixDQUFDO2FBQ3hFLDRCQUF1QixHQUFHLG1CQUFtQixDQUFDLHVCQUF1QixDQUFDO0lBRXRGOzs7Ozs7O09BT0c7SUFDSCxNQUFNLENBQUMsTUFBTSxDQUNYLEtBQWEsRUFDYixXQUFtQixFQUNuQixhQUErQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUUzRSxPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQUM7WUFDakIsSUFBSSxFQUFFLG9CQUFvQjtZQUMxQixVQUFVLENBQUMsQ0FBQyxDQUFDO1lBQ2IsVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUFFLDJDQUEyQztZQUMxRCxJQUFJO1lBQ0osSUFBSSxFQUFFLFNBQVM7WUFDZixLQUFLLEVBQUUsY0FBYztZQUNyQixXQUFXLEVBQUUsb0JBQW9CO1NBQ2xDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILE1BQU0sQ0FBQyxhQUFhLENBQUMsV0FBbUI7UUFDdEMsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsV0FBVyxDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsTUFBTSxDQUFDLFdBQVcsQ0FBQyxXQUFtQjtRQUNwQyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxXQUFXLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQ2YsTUFBMEIsRUFDMUIsS0FBYSxFQUNiLFdBQW1CLEVBQ25CLGlCQUEwQixLQUFLLEVBQy9CLGFBQXFCLEdBQUc7UUFFeEIsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFOUMsT0FBTyxJQUFJLE9BQU8sQ0FBTyxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsRUFBRTtZQUMzQyxJQUFJLENBQUM7Z0JBQ0gsaURBQWlEO2dCQUNqRCxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ2QsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQyxHQUFHLEVBQUUsRUFBRTtvQkFDbEQsSUFBSSxHQUFHLEVBQUUsQ0FBQzt3QkFDUixNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7d0JBQ1osT0FBTztvQkFDVCxDQUFDO29CQUVELElBQUksY0FBYyxFQUFFLENBQUM7d0JBQ25CLFVBQVUsQ0FBQyxHQUFHLEVBQUU7NEJBQ2QsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDOzRCQUNiLE9BQU8sRUFBRSxDQUFDO3dCQUNaLENBQUMsRUFBRSxVQUFVLENBQUMsQ0FBQztvQkFDakIsQ0FBQzt5QkFBTSxDQUFDO3dCQUNOLE9BQU8sRUFBRSxDQUFDO29CQUNaLENBQUM7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7Z0JBQ0gsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUVoQix5REFBeUQ7Z0JBQ3pELElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztvQkFDeEMsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsR0FBRyxFQUFFO3dCQUN4QixPQUFPLEVBQUUsQ0FBQztvQkFDWixDQUFDLENBQUMsQ0FBQztnQkFDTCxDQUFDO1lBQ0gsQ0FBQztZQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQ2QsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO2FBQ2EsV0FBTSxHQUFHO1FBQ3ZCLHVCQUF1QjtRQUN2QixXQUFXLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFDO1FBQzFELG9CQUFvQixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDO1FBQzVFLG1CQUFtQixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLG9CQUFvQixDQUFDO1FBQzFFLGdCQUFnQixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO1FBQ3BFLGVBQWUsRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQztRQUNsRSxZQUFZLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDO1FBRTVELDhDQUE4QztRQUM5Qyx5QkFBeUIsRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsQ0FBQztRQUMvRSx1QkFBdUIsRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztRQUMzRSwyQkFBMkIsRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQztRQUVuRixxQkFBcUI7UUFDckIsaUJBQWlCLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQUM7UUFDcEUsWUFBWSxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQztRQUMzRCxjQUFjLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUFDO1FBQzlELGdCQUFnQixFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO1FBQ2xFLGNBQWMsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQUM7UUFDOUQsa0JBQWtCLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsbUJBQW1CLENBQUM7UUFDdEUsa0JBQWtCLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsbUJBQW1CLENBQUM7UUFDdEUsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDbEUsU0FBUyxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQztRQUNwRCxZQUFZLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDO1FBQzFELFdBQVcsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUM7UUFDeEQsWUFBWSxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQztRQUMxRCxlQUFlLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLENBQUM7UUFDaEUsb0JBQW9CLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUM7UUFDMUUsYUFBYSxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQztRQUM1RCxxQkFBcUIsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztLQUN4RSxDQUFDO0lBRUY7Ozs7OztPQU1HO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQUMsTUFBMEI7UUFDckQsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3ZFLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxNQUEwQixFQUFFLGFBQXFCLEdBQUc7UUFDL0UsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxZQUFZLEVBQUUsSUFBSSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsc0JBQXNCLENBQ2pDLE1BQTBCLEVBQzFCLFFBQWlCLEtBQUssRUFDdEIsaUJBQTBCLElBQUksRUFDOUIsYUFBcUIsR0FBRztRQUV4QixNQUFNLEtBQUssR0FBRyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUM7UUFDNUQsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsSUFBSSxDQUFDLG1CQUFtQixFQUFFLGNBQWMsRUFBRSxVQUFVLENBQUMsQ0FBQztJQUN4RixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxNQUEwQjtRQUMxRCxJQUFJLENBQUM7WUFDSCxtQ0FBbUM7WUFDbkMsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ2QsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLENBQUM7WUFDM0MsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBRWhCLHlDQUF5QztZQUN6QyxPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUU7Z0JBQzdCLFVBQVUsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDMUIsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE9BQU8sT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM3QixDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7Ozs7O09BT0c7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUM1QixNQUEwQixFQUMxQixXQUFtQixFQUNuQixhQUFxQixHQUFHO1FBRXhCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLFdBQVcsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQzVFLENBQUMifQ==

package/dist_ts/protocols/tls/constants.d.ts

@@ -0,0 +1,122 @@
+/**
+ * TLS Protocol Constants
+ * Based on various TLS RFCs
+ */
+/**
+ * TLS record types as defined in various RFCs
+ */
+export declare enum TlsRecordType {
+    CHANGE_CIPHER_SPEC = 20,
+    ALERT = 21,
+    HANDSHAKE = 22,
+    APPLICATION_DATA = 23,
+    HEARTBEAT = 24
+}
+/**
+ * TLS handshake message types
+ */
+export declare enum TlsHandshakeType {
+    HELLO_REQUEST = 0,
+    CLIENT_HELLO = 1,
+    SERVER_HELLO = 2,
+    NEW_SESSION_TICKET = 4,
+    ENCRYPTED_EXTENSIONS = 8,// TLS 1.3
+    CERTIFICATE = 11,
+    SERVER_KEY_EXCHANGE = 12,
+    CERTIFICATE_REQUEST = 13,
+    SERVER_HELLO_DONE = 14,
+    CERTIFICATE_VERIFY = 15,
+    CLIENT_KEY_EXCHANGE = 16,
+    FINISHED = 20
+}
+/**
+ * TLS extension types
+ */
+export declare enum TlsExtensionType {
+    SERVER_NAME = 0,// SNI
+    MAX_FRAGMENT_LENGTH = 1,
+    CLIENT_CERTIFICATE_URL = 2,
+    TRUSTED_CA_KEYS = 3,
+    TRUNCATED_HMAC = 4,
+    STATUS_REQUEST = 5,// OCSP
+    SUPPORTED_GROUPS = 10,// Previously named "elliptic_curves"
+    EC_POINT_FORMATS = 11,
+    SIGNATURE_ALGORITHMS = 13,
+    APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16,// ALPN
+    SIGNED_CERTIFICATE_TIMESTAMP = 18,// Certificate Transparency
+    PADDING = 21,
+    SESSION_TICKET = 35,
+    PRE_SHARED_KEY = 41,// TLS 1.3
+    EARLY_DATA = 42,// TLS 1.3 0-RTT
+    SUPPORTED_VERSIONS = 43,// TLS 1.3
+    COOKIE = 44,// TLS 1.3
+    PSK_KEY_EXCHANGE_MODES = 45,// TLS 1.3
+    CERTIFICATE_AUTHORITIES = 47,// TLS 1.3
+    POST_HANDSHAKE_AUTH = 49,// TLS 1.3
+    SIGNATURE_ALGORITHMS_CERT = 50,// TLS 1.3
+    KEY_SHARE = 51
+}
+/**
+ * TLS alert levels
+ */
+export declare enum TlsAlertLevel {
+    WARNING = 1,
+    FATAL = 2
+}
+/**
+ * TLS alert description codes
+ */
+export declare enum TlsAlertDescription {
+    CLOSE_NOTIFY = 0,
+    UNEXPECTED_MESSAGE = 10,
+    BAD_RECORD_MAC = 20,
+    DECRYPTION_FAILED = 21,// TLS 1.0 only
+    RECORD_OVERFLOW = 22,
+    DECOMPRESSION_FAILURE = 30,// TLS 1.2 and below
+    HANDSHAKE_FAILURE = 40,
+    NO_CERTIFICATE = 41,// SSLv3 only
+    BAD_CERTIFICATE = 42,
+    UNSUPPORTED_CERTIFICATE = 43,
+    CERTIFICATE_REVOKED = 44,
+    CERTIFICATE_EXPIRED = 45,
+    CERTIFICATE_UNKNOWN = 46,
+    ILLEGAL_PARAMETER = 47,
+    UNKNOWN_CA = 48,
+    ACCESS_DENIED = 49,
+    DECODE_ERROR = 50,
+    DECRYPT_ERROR = 51,
+    EXPORT_RESTRICTION = 60,// TLS 1.0 only
+    PROTOCOL_VERSION = 70,
+    INSUFFICIENT_SECURITY = 71,
+    INTERNAL_ERROR = 80,
+    INAPPROPRIATE_FALLBACK = 86,
+    USER_CANCELED = 90,
+    NO_RENEGOTIATION = 100,// TLS 1.2 and below
+    MISSING_EXTENSION = 109,// TLS 1.3
+    UNSUPPORTED_EXTENSION = 110,// TLS 1.3
+    CERTIFICATE_REQUIRED = 111,// TLS 1.3
+    UNRECOGNIZED_NAME = 112,
+    BAD_CERTIFICATE_STATUS_RESPONSE = 113,
+    BAD_CERTIFICATE_HASH_VALUE = 114,// TLS 1.2 and below
+    UNKNOWN_PSK_IDENTITY = 115,
+    CERTIFICATE_REQUIRED_1_3 = 116,// TLS 1.3
+    NO_APPLICATION_PROTOCOL = 120
+}
+/**
+ * TLS version codes (major.minor)
+ */
+export declare const TlsVersion: {
+    readonly SSL3: readonly [3, 0];
+    readonly TLS1_0: readonly [3, 1];
+    readonly TLS1_1: readonly [3, 2];
+    readonly TLS1_2: readonly [3, 3];
+    readonly TLS1_3: readonly [3, 4];
+};
+/**
+ * TLS version strings
+ */
+export type TTlsVersionString = 'SSLv3' | 'TLSv1.0' | 'TLSv1.1' | 'TLSv1.2' | 'TLSv1.3';
+/**
+ * Convert TLS version bytes to version string
+ */
+export declare function tlsVersionToString(major: number, minor: number): TTlsVersionString | null;

package/dist_ts/protocols/tls/constants.js

@@ -0,0 +1,135 @@
+/**
+ * TLS Protocol Constants
+ * Based on various TLS RFCs
+ */
+/**
+ * TLS record types as defined in various RFCs
+ */
+export var TlsRecordType;
+(function (TlsRecordType) {
+    TlsRecordType[TlsRecordType["CHANGE_CIPHER_SPEC"] = 20] = "CHANGE_CIPHER_SPEC";
+    TlsRecordType[TlsRecordType["ALERT"] = 21] = "ALERT";
+    TlsRecordType[TlsRecordType["HANDSHAKE"] = 22] = "HANDSHAKE";
+    TlsRecordType[TlsRecordType["APPLICATION_DATA"] = 23] = "APPLICATION_DATA";
+    TlsRecordType[TlsRecordType["HEARTBEAT"] = 24] = "HEARTBEAT";
+})(TlsRecordType || (TlsRecordType = {}));
+/**
+ * TLS handshake message types
+ */
+export var TlsHandshakeType;
+(function (TlsHandshakeType) {
+    TlsHandshakeType[TlsHandshakeType["HELLO_REQUEST"] = 0] = "HELLO_REQUEST";
+    TlsHandshakeType[TlsHandshakeType["CLIENT_HELLO"] = 1] = "CLIENT_HELLO";
+    TlsHandshakeType[TlsHandshakeType["SERVER_HELLO"] = 2] = "SERVER_HELLO";
+    TlsHandshakeType[TlsHandshakeType["NEW_SESSION_TICKET"] = 4] = "NEW_SESSION_TICKET";
+    TlsHandshakeType[TlsHandshakeType["ENCRYPTED_EXTENSIONS"] = 8] = "ENCRYPTED_EXTENSIONS";
+    TlsHandshakeType[TlsHandshakeType["CERTIFICATE"] = 11] = "CERTIFICATE";
+    TlsHandshakeType[TlsHandshakeType["SERVER_KEY_EXCHANGE"] = 12] = "SERVER_KEY_EXCHANGE";
+    TlsHandshakeType[TlsHandshakeType["CERTIFICATE_REQUEST"] = 13] = "CERTIFICATE_REQUEST";
+    TlsHandshakeType[TlsHandshakeType["SERVER_HELLO_DONE"] = 14] = "SERVER_HELLO_DONE";
+    TlsHandshakeType[TlsHandshakeType["CERTIFICATE_VERIFY"] = 15] = "CERTIFICATE_VERIFY";
+    TlsHandshakeType[TlsHandshakeType["CLIENT_KEY_EXCHANGE"] = 16] = "CLIENT_KEY_EXCHANGE";
+    TlsHandshakeType[TlsHandshakeType["FINISHED"] = 20] = "FINISHED";
+})(TlsHandshakeType || (TlsHandshakeType = {}));
+/**
+ * TLS extension types
+ */
+export var TlsExtensionType;
+(function (TlsExtensionType) {
+    TlsExtensionType[TlsExtensionType["SERVER_NAME"] = 0] = "SERVER_NAME";
+    TlsExtensionType[TlsExtensionType["MAX_FRAGMENT_LENGTH"] = 1] = "MAX_FRAGMENT_LENGTH";
+    TlsExtensionType[TlsExtensionType["CLIENT_CERTIFICATE_URL"] = 2] = "CLIENT_CERTIFICATE_URL";
+    TlsExtensionType[TlsExtensionType["TRUSTED_CA_KEYS"] = 3] = "TRUSTED_CA_KEYS";
+    TlsExtensionType[TlsExtensionType["TRUNCATED_HMAC"] = 4] = "TRUNCATED_HMAC";
+    TlsExtensionType[TlsExtensionType["STATUS_REQUEST"] = 5] = "STATUS_REQUEST";
+    TlsExtensionType[TlsExtensionType["SUPPORTED_GROUPS"] = 10] = "SUPPORTED_GROUPS";
+    TlsExtensionType[TlsExtensionType["EC_POINT_FORMATS"] = 11] = "EC_POINT_FORMATS";
+    TlsExtensionType[TlsExtensionType["SIGNATURE_ALGORITHMS"] = 13] = "SIGNATURE_ALGORITHMS";
+    TlsExtensionType[TlsExtensionType["APPLICATION_LAYER_PROTOCOL_NEGOTIATION"] = 16] = "APPLICATION_LAYER_PROTOCOL_NEGOTIATION";
+    TlsExtensionType[TlsExtensionType["SIGNED_CERTIFICATE_TIMESTAMP"] = 18] = "SIGNED_CERTIFICATE_TIMESTAMP";
+    TlsExtensionType[TlsExtensionType["PADDING"] = 21] = "PADDING";
+    TlsExtensionType[TlsExtensionType["SESSION_TICKET"] = 35] = "SESSION_TICKET";
+    TlsExtensionType[TlsExtensionType["PRE_SHARED_KEY"] = 41] = "PRE_SHARED_KEY";
+    TlsExtensionType[TlsExtensionType["EARLY_DATA"] = 42] = "EARLY_DATA";
+    TlsExtensionType[TlsExtensionType["SUPPORTED_VERSIONS"] = 43] = "SUPPORTED_VERSIONS";
+    TlsExtensionType[TlsExtensionType["COOKIE"] = 44] = "COOKIE";
+    TlsExtensionType[TlsExtensionType["PSK_KEY_EXCHANGE_MODES"] = 45] = "PSK_KEY_EXCHANGE_MODES";
+    TlsExtensionType[TlsExtensionType["CERTIFICATE_AUTHORITIES"] = 47] = "CERTIFICATE_AUTHORITIES";
+    TlsExtensionType[TlsExtensionType["POST_HANDSHAKE_AUTH"] = 49] = "POST_HANDSHAKE_AUTH";
+    TlsExtensionType[TlsExtensionType["SIGNATURE_ALGORITHMS_CERT"] = 50] = "SIGNATURE_ALGORITHMS_CERT";
+    TlsExtensionType[TlsExtensionType["KEY_SHARE"] = 51] = "KEY_SHARE";
+})(TlsExtensionType || (TlsExtensionType = {}));
+/**
+ * TLS alert levels
+ */
+export var TlsAlertLevel;
+(function (TlsAlertLevel) {
+    TlsAlertLevel[TlsAlertLevel["WARNING"] = 1] = "WARNING";
+    TlsAlertLevel[TlsAlertLevel["FATAL"] = 2] = "FATAL";
+})(TlsAlertLevel || (TlsAlertLevel = {}));
+/**
+ * TLS alert description codes
+ */
+export var TlsAlertDescription;
+(function (TlsAlertDescription) {
+    TlsAlertDescription[TlsAlertDescription["CLOSE_NOTIFY"] = 0] = "CLOSE_NOTIFY";
+    TlsAlertDescription[TlsAlertDescription["UNEXPECTED_MESSAGE"] = 10] = "UNEXPECTED_MESSAGE";
+    TlsAlertDescription[TlsAlertDescription["BAD_RECORD_MAC"] = 20] = "BAD_RECORD_MAC";
+    TlsAlertDescription[TlsAlertDescription["DECRYPTION_FAILED"] = 21] = "DECRYPTION_FAILED";
+    TlsAlertDescription[TlsAlertDescription["RECORD_OVERFLOW"] = 22] = "RECORD_OVERFLOW";
+    TlsAlertDescription[TlsAlertDescription["DECOMPRESSION_FAILURE"] = 30] = "DECOMPRESSION_FAILURE";
+    TlsAlertDescription[TlsAlertDescription["HANDSHAKE_FAILURE"] = 40] = "HANDSHAKE_FAILURE";
+    TlsAlertDescription[TlsAlertDescription["NO_CERTIFICATE"] = 41] = "NO_CERTIFICATE";
+    TlsAlertDescription[TlsAlertDescription["BAD_CERTIFICATE"] = 42] = "BAD_CERTIFICATE";
+    TlsAlertDescription[TlsAlertDescription["UNSUPPORTED_CERTIFICATE"] = 43] = "UNSUPPORTED_CERTIFICATE";
+    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_REVOKED"] = 44] = "CERTIFICATE_REVOKED";
+    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_EXPIRED"] = 45] = "CERTIFICATE_EXPIRED";
+    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_UNKNOWN"] = 46] = "CERTIFICATE_UNKNOWN";
+    TlsAlertDescription[TlsAlertDescription["ILLEGAL_PARAMETER"] = 47] = "ILLEGAL_PARAMETER";
+    TlsAlertDescription[TlsAlertDescription["UNKNOWN_CA"] = 48] = "UNKNOWN_CA";
+    TlsAlertDescription[TlsAlertDescription["ACCESS_DENIED"] = 49] = "ACCESS_DENIED";
+    TlsAlertDescription[TlsAlertDescription["DECODE_ERROR"] = 50] = "DECODE_ERROR";
+    TlsAlertDescription[TlsAlertDescription["DECRYPT_ERROR"] = 51] = "DECRYPT_ERROR";
+    TlsAlertDescription[TlsAlertDescription["EXPORT_RESTRICTION"] = 60] = "EXPORT_RESTRICTION";
+    TlsAlertDescription[TlsAlertDescription["PROTOCOL_VERSION"] = 70] = "PROTOCOL_VERSION";
+    TlsAlertDescription[TlsAlertDescription["INSUFFICIENT_SECURITY"] = 71] = "INSUFFICIENT_SECURITY";
+    TlsAlertDescription[TlsAlertDescription["INTERNAL_ERROR"] = 80] = "INTERNAL_ERROR";
+    TlsAlertDescription[TlsAlertDescription["INAPPROPRIATE_FALLBACK"] = 86] = "INAPPROPRIATE_FALLBACK";
+    TlsAlertDescription[TlsAlertDescription["USER_CANCELED"] = 90] = "USER_CANCELED";
+    TlsAlertDescription[TlsAlertDescription["NO_RENEGOTIATION"] = 100] = "NO_RENEGOTIATION";
+    TlsAlertDescription[TlsAlertDescription["MISSING_EXTENSION"] = 109] = "MISSING_EXTENSION";
+    TlsAlertDescription[TlsAlertDescription["UNSUPPORTED_EXTENSION"] = 110] = "UNSUPPORTED_EXTENSION";
+    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_REQUIRED"] = 111] = "CERTIFICATE_REQUIRED";
+    TlsAlertDescription[TlsAlertDescription["UNRECOGNIZED_NAME"] = 112] = "UNRECOGNIZED_NAME";
+    TlsAlertDescription[TlsAlertDescription["BAD_CERTIFICATE_STATUS_RESPONSE"] = 113] = "BAD_CERTIFICATE_STATUS_RESPONSE";
+    TlsAlertDescription[TlsAlertDescription["BAD_CERTIFICATE_HASH_VALUE"] = 114] = "BAD_CERTIFICATE_HASH_VALUE";
+    TlsAlertDescription[TlsAlertDescription["UNKNOWN_PSK_IDENTITY"] = 115] = "UNKNOWN_PSK_IDENTITY";
+    TlsAlertDescription[TlsAlertDescription["CERTIFICATE_REQUIRED_1_3"] = 116] = "CERTIFICATE_REQUIRED_1_3";
+    TlsAlertDescription[TlsAlertDescription["NO_APPLICATION_PROTOCOL"] = 120] = "NO_APPLICATION_PROTOCOL";
+})(TlsAlertDescription || (TlsAlertDescription = {}));
+/**
+ * TLS version codes (major.minor)
+ */
+export const TlsVersion = {
+    SSL3: [0x03, 0x00],
+    TLS1_0: [0x03, 0x01],
+    TLS1_1: [0x03, 0x02],
+    TLS1_2: [0x03, 0x03],
+    TLS1_3: [0x03, 0x04],
+};
+/**
+ * Convert TLS version bytes to version string
+ */
+export function tlsVersionToString(major, minor) {
+    if (major === 0x03) {
+        switch (minor) {
+            case 0x00: return 'SSLv3';
+            case 0x01: return 'TLSv1.0';
+            case 0x02: return 'TLSv1.1';
+            case 0x03: return 'TLSv1.2';
+            case 0x04: return 'TLSv1.3';
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvcHJvdG9jb2xzL3Rscy9jb25zdGFudHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7OztHQUdHO0FBRUg7O0dBRUc7QUFDSCxNQUFNLENBQU4sSUFBWSxhQU1YO0FBTkQsV0FBWSxhQUFhO0lBQ3ZCLDhFQUF1QixDQUFBO0lBQ3ZCLG9EQUFVLENBQUE7SUFDViw0REFBYyxDQUFBO0lBQ2QsMEVBQXFCLENBQUE7SUFDckIsNERBQWMsQ0FBQTtBQUNoQixDQUFDLEVBTlcsYUFBYSxLQUFiLGFBQWEsUUFNeEI7QUFFRDs7R0FFRztBQUNILE1BQU0sQ0FBTixJQUFZLGdCQWFYO0FBYkQsV0FBWSxnQkFBZ0I7SUFDMUIseUVBQWlCLENBQUE7SUFDakIsdUVBQWdCLENBQUE7SUFDaEIsdUVBQWdCLENBQUE7SUFDaEIsbUZBQXNCLENBQUE7SUFDdEIsdUZBQXdCLENBQUE7SUFDeEIsc0VBQWdCLENBQUE7SUFDaEIsc0ZBQXdCLENBQUE7SUFDeEIsc0ZBQXdCLENBQUE7SUFDeEIsa0ZBQXNCLENBQUE7SUFDdEIsb0ZBQXVCLENBQUE7SUFDdkIsc0ZBQXdCLENBQUE7SUFDeEIsZ0VBQWEsQ0FBQTtBQUNmLENBQUMsRUFiVyxnQkFBZ0IsS0FBaEIsZ0JBQWdCLFFBYTNCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLENBQU4sSUFBWSxnQkF1Qlg7QUF2QkQsV0FBWSxnQkFBZ0I7SUFDMUIscUVBQWUsQ0FBQTtJQUNmLHFGQUF1QixDQUFBO0lBQ3ZCLDJGQUEwQixDQUFBO0lBQzFCLDZFQUFtQixDQUFBO0lBQ25CLDJFQUFrQixDQUFBO0lBQ2xCLDJFQUFrQixDQUFBO0lBQ2xCLGdGQUFxQixDQUFBO0lBQ3JCLGdGQUFxQixDQUFBO0lBQ3JCLHdGQUF5QixDQUFBO0lBQ3pCLDRIQUEyQyxDQUFBO0lBQzNDLHdHQUFpQyxDQUFBO0lBQ2pDLDhEQUFZLENBQUE7SUFDWiw0RUFBbUIsQ0FBQTtJQUNuQiw0RUFBbUIsQ0FBQTtJQUNuQixvRUFBZSxDQUFBO0lBQ2Ysb0ZBQXVCLENBQUE7SUFDdkIsNERBQVcsQ0FBQTtJQUNYLDRGQUEyQixDQUFBO0lBQzNCLDhGQUE0QixDQUFBO0lBQzVCLHNGQUF3QixDQUFBO0lBQ3hCLGtHQUE4QixDQUFBO0lBQzlCLGtFQUFjLENBQUE7QUFDaEIsQ0FBQyxFQXZCVyxnQkFBZ0IsS0FBaEIsZ0JBQWdCLFFBdUIzQjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxDQUFOLElBQVksYUFHWDtBQUhELFdBQVksYUFBYTtJQUN2Qix1REFBVyxDQUFBO0lBQ1gsbURBQVMsQ0FBQTtBQUNYLENBQUMsRUFIVyxhQUFhLEtBQWIsYUFBYSxRQUd4QjtBQUVEOztHQUVHO0FBQ0gsTUFBTSxDQUFOLElBQVksbUJBbUNYO0FBbkNELFdBQVksbUJBQW1CO0lBQzdCLDZFQUFnQixDQUFBO0lBQ2hCLDBGQUF1QixDQUFBO0lBQ3ZCLGtGQUFtQixDQUFBO0lBQ25CLHdGQUFzQixDQUFBO0lBQ3RCLG9GQUFvQixDQUFBO0lBQ3BCLGdHQUEwQixDQUFBO0lBQzFCLHdGQUFzQixDQUFBO0lBQ3RCLGtGQUFtQixDQUFBO0lBQ25CLG9GQUFvQixDQUFBO0lBQ3BCLG9HQUE0QixDQUFBO0lBQzVCLDRGQUF3QixDQUFBO0lBQ3hCLDRGQUF3QixDQUFBO0lBQ3hCLDRGQUF3QixDQUFBO0lBQ3hCLHdGQUFzQixDQUFBO0lBQ3RCLDBFQUFlLENBQUE7SUFDZixnRkFBa0IsQ0FBQTtJQUNsQiw4RUFBaUIsQ0FBQTtJQUNqQixnRkFBa0IsQ0FBQTtJQUNsQiwwRkFBdUIsQ0FBQTtJQUN2QixzRkFBcUIsQ0FBQTtJQUNyQixnR0FBMEIsQ0FBQTtJQUMxQixrRkFBbUIsQ0FBQTtJQUNuQixrR0FBMkIsQ0FBQTtJQUMzQixnRkFBa0IsQ0FBQTtJQUNsQix1RkFBc0IsQ0FBQTtJQUN0Qix5RkFBdUIsQ0FBQTtJQUN2QixpR0FBMkIsQ0FBQTtJQUMzQiwrRkFBMEIsQ0FBQTtJQUMxQix5RkFBdUIsQ0FBQTtJQUN2QixxSEFBcUMsQ0FBQTtJQUNyQywyR0FBZ0MsQ0FBQTtJQUNoQywrRkFBMEIsQ0FBQTtJQUMxQix1R0FBOEIsQ0FBQTtJQUM5QixxR0FBNkIsQ0FBQTtBQUMvQixDQUFDLEVBbkNXLG1CQUFtQixLQUFuQixtQkFBbUIsUUFtQzlCO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLENBQUMsTUFBTSxVQUFVLEdBQUc7SUFDeEIsSUFBSSxFQUFFLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQztJQUNsQixNQUFNLEVBQUUsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDO0lBQ3BCLE1BQU0sRUFBRSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUM7SUFDcEIsTUFBTSxFQUFFLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQztJQUNwQixNQUFNLEVBQUUsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDO0NBQ1osQ0FBQztBQU9YOztHQUVHO0FBQ0gsTUFBTSxVQUFVLGtCQUFrQixDQUFDLEtBQWEsRUFBRSxLQUFhO0lBQzdELElBQUksS0FBSyxLQUFLLElBQUksRUFBRSxDQUFDO1FBQ25CLFFBQVEsS0FBSyxFQUFFLENBQUM7WUFDZCxLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sT0FBTyxDQUFDO1lBQzFCLEtBQUssSUFBSSxDQUFDLENBQUMsT0FBTyxTQUFTLENBQUM7WUFDNUIsS0FBSyxJQUFJLENBQUMsQ0FBQyxPQUFPLFNBQVMsQ0FBQztZQUM1QixLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sU0FBUyxDQUFDO1lBQzVCLEtBQUssSUFBSSxDQUFDLENBQUMsT0FBTyxTQUFTLENBQUM7UUFDOUIsQ0FBQztJQUNILENBQUM7SUFDRCxPQUFPLElBQUksQ0FBQztBQUNkLENBQUMifQ==