]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ebb6f7d) | patch
Mail: connections with wrong ALPN protocols are now rejected.
authorVladimir Homutov <vl@nginx.com>
Wed, 20 Oct 2021 06:45:34 +0000 (09:45 +0300)
committerVladimir Homutov <vl@nginx.com>
Wed, 20 Oct 2021 06:45:34 +0000 (09:45 +0300)
commit1fecec0cbf1554c0473d5cca0fb55f8dc006e4ba
tree286ac8a4015910f9d0816fe28dcd398a36021022tree | snapshot
parentebb6f7d6563f51ae8325e3c0f10e9c5a91004fdacommit | diff
Mail: connections with wrong ALPN protocols are now rejected.

This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].

For POP3 and IMAP protocols IANA-assigned ALPN IDs are used [2].
For the SMTP protocol "smtp" is used.

[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/
src/mail/ngx_mail.h diff | blob | history
src/mail/ngx_mail_imap_module.c diff | blob | history
src/mail/ngx_mail_pop3_module.c diff | blob | history
src/mail/ngx_mail_smtp_module.c diff | blob | history
src/mail/ngx_mail_ssl_module.c diff | blob | history
nginx upstream