Opened 6 years ago
Closed 6 years ago
#1571 closed enhancement (duplicate)
Secure close connection on no SNI provided
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | |
| Keywords: | ssl tls | Cc: | |
| uname -a: | Linux discover 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux | ||
| nginx -V: | -bash: nginx: command not found | ||
Description
When TLS handshake does not contain SNI extension would be able to close connection by nginx.
This situation may resolve server identification by address and IP dial directly attack.
Note:
See TracTickets
for help on using tickets.
See #195 for a feature request about rejecting SSL handshakes based on server name matching, and see this comment on how to do it in current nginx versions. Closing this as a duplicate of #195.