Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1683710 - Add a means to disable ALPN, r=bbeurdouche
We've recently learned the value of ALPN and SNI when it comes to protecting against cross-protocol attacks. However, some protocols don't have ALPN yet. For servers that terminate connections for those connections, validating that the client has not offered ALPN provides a way to protect against cross-protocol attacks. If the cross-protocol attack uses a protocol that does include ALPN, being able to reject those connections safely reduces exposure. This modifies SSL_SetNextProtoNego() to accept a zero-length buffer as an argument. Previously, this would have crashed. Now it causes the server to reject a handshake if ALPN is offered by the client. It was always possible to implement this by passing a function that always returns SECFailure to SSL_SetNextProtoCallback(). This approach has the advantage that the server generates a no_application_protocol alert, which is not something that user-provided code can do. Differential Revision: https://phabricator.services.mozilla.com/D110887 --HG-- extra : moz-landing-system : lando
- Loading branch information
1 parent
454ac71
commit f263c38
Showing
4 changed files
with
45 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters