diff options
author | Vladimir Homutov <vl@nginx.com> | 2021-10-20 09:50:02 +0300 |
---|---|---|
committer | Vladimir Homutov <vl@nginx.com> | 2021-10-20 09:50:02 +0300 |
commit | ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda (patch) | |
tree | 8ccb66a2abbac8c2b031df4d1c251c4bb907bdd5 /src/mail/ngx_mail_ssl_module.c | |
parent | df472eecc043700275ecae2655206163c786f758 (diff) | |
download | nginx-ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda.tar.gz nginx-ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda.zip |
HTTP: connections with wrong ALPN protocols are now rejected.
This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].
To avoid possible negative effects, list of supported protocols
was extended to include all possible HTTP protocol ALPN IDs
registered by IANA [2], i.e. "http/1.0" and "http/0.9".
[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/
Diffstat (limited to 'src/mail/ngx_mail_ssl_module.c')
0 files changed, 0 insertions, 0 deletions