Control: tags -1 + confirmed On Sat, 2022-05-14 at 09:11 +0200, Jan Mojzis wrote: > fixes ALPACA attack CVE-2021-3618: > ALPACA is an application layer protocol content confusion attack, > exploiting TLS servers implementing different protocols but using > compatible certificates, such as multi-domain or wildcard > certificates. A MiTM attacker having access to victim's traffic at > the TCP/IP layer can redirect traffic from one subdomain to another, > resulting in a valid TLS session. This breaks the authentication of > TLS and cross-protocol attacks may be possible where the behavior of > one protocol service may compromise the other at the application > layer. > > [ Impact ] > > Similarly to smtpd_hard_error_limit in Postfix and > smtp_max_unknown_commands > in Exim, specifies the number of errors after which the connection is > closed. >
Please go ahead. Regards, Adam
