check record type; reject non-TLS connections

2022-06-04 00:00:00 +00:00 · 2022-06-04 00:00:00 +00:00 · e896674f39
parent 5bba2500af
commit e896674f39
1 changed files with 4 additions and 0 deletions
--- a/server.go
+++ b/server.go
@ -138,6 +138,10 @@ func peek(conn net.Conn, tlsConfig *tls.Config) {
 		log.Println(err)
 		return
 	}
+	if buf.Bytes()[0] != 0x16 {
+		// Not a Client Hello message.
+		return
+	}
 	length := binary.BigEndian.Uint16(buf.Bytes()[3:5])
 	_, err = io.CopyN(&buf, conn, int64(length))
 	if err != nil {