git.feebdaed.xyz Git - 0xmirror/nginx.git/commit

]> git.feebdaed.xyz Git - 0xmirror/nginx.git/commit

projects / 0xmirror / nginx.git / commit

author	Vladimir Homutov <vl@nginx.com>
	Wed, 20 Oct 2021 06:50:02 +0000 (09:50 +0300)
committer	Vladimir Homutov <vl@nginx.com>
	Wed, 20 Oct 2021 06:50:02 +0000 (09:50 +0300)
commit	ebb6f7d6563f51ae8325e3c0f10e9c5a91004fda
tree	8ccb66a2abbac8c2b031df4d1c251c4bb907bdd5	tree \| snapshot
parent	df472eecc043700275ecae2655206163c786f758	commit \| diff

HTTP: connections with wrong ALPN protocols are now rejected.

This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].

To avoid possible negative effects, list of supported protocols
was extended to include all possible HTTP protocol ALPN IDs
registered by IANA [2], i.e. "http/1.0" and "http/0.9".

[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/

src/http/modules/ngx_http_ssl_module.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom