mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-02-24 22:56:55 +00:00
CVE-2009-3555 suggests that client-initiated renegotiation should be prevented in the middle of data. The workaround here consists in having the SSL layer notify our callback about a handshake occurring, which in turn causes the connection to be marked in the error state if it was already considered established (which means if a previous handshake was completed). The result is that the connection with the client is immediately aborted and any pending data are dropped.

- common
- import
- proto
- types