Opened 2 years ago

Closed 2 years ago

#1571 closed enhancement (duplicate)

Secure close connection on no SNI provided

Reported by: vit1251@…
Owned by:
Priority: minor
Milestone:
Component: nginx-core
Version:
Keywords: ssl tls
Cc:
uname -a: Linux discover 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux
nginx -V: -bash: nginx: command not found

Description

When the TLS handshake does not contain the SNI extension, nginx should be able to close the connection.

This may resolve server identification by address and direct IP dial attacks.

Change History (1)

comment:1 by Maxim Dounin, 2 years ago

Resolution: duplicate
Status: new → closed

See #195 for a feature request about rejecting SSL handshakes based on server name matching, and see this comment on how to do it in current nginx versions. Closing this as a duplicate of #195.
