Mail: connections with wrong ALPN protocols are now rejected.

This is a recommended behavior by RFC 7301 and is useful for mitigation of protocol confusion attacks [1]. For POP3 and IMAP protocols IANA-assigned ALPN IDs are used [2]. For the SMTP protocol "smtp" is used. [1] https://alpaca-attack.com/ [2] https://www.iana.org/assignments/tls-extensiontype-values/
author: Vladimir Homutov <vl@nginx.com> 2021-10-20 09:45:34 +0300
committer: Vladimir Homutov <vl@nginx.com> 2021-10-20 09:45:34 +0300
commit: 1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba (patch)
tree: 286ac8a4015910f9d0816fe28dcd398a36021022 /src/mail/ngx_mail.h
parent: ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda (diff)
download: nginx-1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba.tar.gz
nginx-1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
index 21178c3e2..e0c62b7ab 100644
--- a/src/mail/ngx_mail.h
+++ b/src/mail/ngx_mail.h
@@ -324,6 +324,7 @@ typedef ngx_int_t (*ngx_mail_parse_command_pt)(ngx_mail_session_t *s);
 
 struct ngx_mail_protocol_s {
     ngx_str_t                   name;
+    ngx_str_t                   alpn;
     in_port_t                   port[4];
     ngx_uint_t                  type;
author	Vladimir Homutov <vl@nginx.com>	2021-10-20 09:45:34 +0300
committer	Vladimir Homutov <vl@nginx.com>	2021-10-20 09:45:34 +0300
commit	1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba (patch)
tree	286ac8a4015910f9d0816fe28dcd398a36021022 /src/mail/ngx_mail.h
parent	ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda (diff)
download	nginx-1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba.tar.gz nginx-1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba.zip