aboutsummaryrefslogtreecommitdiff
path: root/src/mail/ngx_mail_imap_module.c
diff options
context:
space:
mode:
authorVladimir Homutov <vl@nginx.com>2021-10-20 09:50:02 +0300
committerVladimir Homutov <vl@nginx.com>2021-10-20 09:50:02 +0300
commitebb6f7d6563f51ae8325e3c0f10e9c5a91004fda (patch)
tree8ccb66a2abbac8c2b031df4d1c251c4bb907bdd5 /src/mail/ngx_mail_imap_module.c
parentdf472eecc043700275ecae2655206163c786f758 (diff)
downloadnginx-ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda.tar.gz
nginx-ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda.zip
HTTP: connections with wrong ALPN protocols are now rejected.
This is a recommended behavior by RFC 7301 and is useful for mitigation of protocol confusion attacks [1]. To avoid possible negative effects, list of supported protocols was extended to include all possible HTTP protocol ALPN IDs registered by IANA [2], i.e. "http/1.0" and "http/0.9". [1] https://alpaca-attack.com/ [2] https://www.iana.org/assignments/tls-extensiontype-values/
Diffstat (limited to 'src/mail/ngx_mail_imap_module.c')
0 files changed, 0 insertions, 0 deletions