You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The chrome add a type of key share call x25519kyber768draft00 which is very large. In my test, it has 1263 bytes.
It lets the ClientHello fragmented into multi segments.(At least 2 segments)
As I known, at this phase(SSL preread), nginx calls read() with MSG_PEEK once and only once. It must not call twice to get the next segment. Due to some feature of MSG_PEEK with kernel things.
It causes a lots of IPS, IDS, WAFm SSLi and so on cannot work as well.
Is nginx affected? I don't have environment to simulate.
The text was updated successfully, but these errors were encountered:
The chrome add a type of key share call
x25519kyber768draft00
which is very large. In my test, it has 1263 bytes.It lets the ClientHello fragmented into multi segments.(At least 2 segments)
As I known, at this phase(SSL preread), nginx calls
read()
withMSG_PEEK
once and only once. It must not call twice to get the next segment. Due to some feature ofMSG_PEEK
with kernel things.It causes a lots of IPS, IDS, WAFm SSLi and so on cannot work as well.
Is nginx affected? I don't have environment to simulate.
The text was updated successfully, but these errors were encountered: