mirror of
http://git.haproxy.org/git/haproxy.git
synced 2026-02-11 09:32:48 +02:00
CVE-2009-3555 suggests that client-initiated renegotiation should be prevented in the middle of data. The workaround here consists in having the SSL layer notify our callback about a handshake occurring, which in turn causes the connection to be marked in the error state if it was already considered established (which means if a previous handshake was completed). The result is that the connection with the client is immediately aborted and any pending data are dropped.
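The decision logic described in the commit message, as an added example that is not HAProxy's code: a handshake-start notification is harmless the first time and fatal once a handshake has already completed. The `struct conn`, `on_ssl_info` and `replay` names are hypothetical, the event sequence is constructed, and treating "established" as "a handshake-done event was seen" is an assumption of this model; the two event constants carry the same values as OpenSSL's `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Same values as OpenSSL's SSL_CB_HANDSHAKE_START / SSL_CB_HANDSHAKE_DONE. */
#define CB_HANDSHAKE_START 0x10
#define CB_HANDSHAKE_DONE  0x20

/* Hypothetical per-connection state, not HAProxy's own structure. */
struct conn {
    bool established;   /* a previous handshake has completed */
    bool error;         /* connection must be aborted */
    size_t pending;     /* queued bytes, dropped on abort */
};

/* Logic of the info callback: `where` is the event bitmask from the SSL layer. */
static void on_ssl_info(struct conn *c, int where)
{
    if ((where & CB_HANDSHAKE_START) && c->established) {
        c->error = true;    /* handshake on an established connection */
        c->pending = 0;     /* drop anything still queued */
    }
    if ((where & CB_HANDSHAKE_DONE) && !c->error)
        c->established = true;
}

/* Replay constructed events; return the index that caused the abort, or -1. */
static int replay(struct conn *c, const int *events, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        on_ssl_info(c, events[i]);
        if (c->error)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sequence: initial handshake, then a client renegotiation. */
    const int events[] = { CB_HANDSHAKE_START, CB_HANDSHAKE_DONE, CB_HANDSHAKE_START };
    struct conn c = { false, false, 128 };
    int at = replay(&c, events, 3);
    printf("aborted at event %d, pending=%zu\n", at, c.pending);
    return 0;
}
```

With OpenSSL, a callback of this kind has the signature `void (*)(const SSL *ssl, int where, int ret)` and is registered on the context with `SSL_CTX_set_info_callback()`.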