d62a5265d7f51bc17842b0c5e1ef895131f77982 - nginx

commit	d62a5265d7f51bc17842b0c5e1ef895131f77982	[log] [tgz]
author	Vladimir Homutov <vl@nginx.com>	Wed Oct 20 09:45:34 2021 +0300
committer	Vladimir Homutov <vl@nginx.com>	Wed Oct 20 09:45:34 2021 +0300
tree	286ac8a4015910f9d0816fe28dcd398a36021022
parent	d14a4d84c705d15b1ed0f9d6a7491f8b4d4c3b9b [diff]

Mail: connections with wrong ALPN protocols are now rejected.

This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].

For POP3 and IMAP protocols IANA-assigned ALPN IDs are used [2].
For the SMTP protocol "smtp" is used.

[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/

src/mail/ngx_mail.h[diff]
src/mail/ngx_mail_imap_module.c[diff]
src/mail/ngx_mail_pop3_module.c[diff]
src/mail/ngx_mail_smtp_module.c[diff]
src/mail/ngx_mail_ssl_module.c[diff]

5 files changed

tree: 286ac8a4015910f9d0816fe28dcd398a36021022

auto/
conf/
contrib/
docs/
misc/
src/
.hgtags