From 1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba Mon Sep 17 00:00:00 2001
From: Vladimir Homutov <vl@nginx.com>
Date: Wed, 20 Oct 2021 09:45:34 +0300
Subject: Mail: connections with wrong ALPN protocols are now rejected.

This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].

For POP3 and IMAP protocols IANA-assigned ALPN IDs are used [2].
For the SMTP protocol "smtp" is used.

[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/
---
 src/mail/ngx_mail_imap_module.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/mail/ngx_mail_imap_module.c')

diff --git a/src/mail/ngx_mail_imap_module.c b/src/mail/ngx_mail_imap_module.c
index 1f187fdee..02c684cd4 100644
--- a/src/mail/ngx_mail_imap_module.c
+++ b/src/mail/ngx_mail_imap_module.c
@@ -46,6 +46,7 @@ static ngx_str_t  ngx_mail_imap_auth_methods_names[] = {
 
 static ngx_mail_protocol_t  ngx_mail_imap_protocol = {
     ngx_string("imap"),
+    ngx_string("\x04imap"),
     { 143, 993, 0, 0 },
     NGX_MAIL_IMAP_PROTOCOL,
 
-- 
cgit v1.2.3