Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 57d2297473bdc1b61a589a73797eb25e0a00a8bd
commit57d2297473bdc1b61a589a73797eb25e0a00a8bd[log] [tgz]
authorLukas Tribus <luky-37@hotmail.com>Thu Apr 10 21:36:22 2014 +0200
committerWilly Tarreau <w@1wt.eu>Thu Apr 10 23:30:59 2014 +0200
tree9d7635a3d66f186d913953d551d95838fe066cc0
parent073edf3311aa963ca7e0496f70b848b5f1fe9ec3 [diff]
BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version

SNI is a TLS extension and requires at least TLSv1.0 or later, however
the version in the record layer may be SSLv3, not necessarily TLSv1.0.

GnuTLS for example does this.

Relax the record layer version check in smp_fetch_ssl_hello_sni() to
allow fetching SNI values from clients indicating SSLv3 in the record
layer (maintaining the TLSv1.0+ check in the actual handshake version).

This was reported and analyzed by Pravin Tatti.
1 file changed
tree: 9d7635a3d66f186d913953d551d95838fe066cc0
  1. contrib/
  2. doc/
  3. ebtree/
  4. examples/
  5. include/
  6. src/
  7. tests/
  8. .gitignore
  9. CHANGELOG
  10. LICENSE
  11. Makefile
  12. Makefile.bsd
  13. Makefile.osx
  14. README
  15. ROADMAP
  16. SUBVERS
  17. TODO
  18. VERDATE
  19. VERSION