From e896674f39229726675d8b2b74d1f0c816053db9 Mon Sep 17 00:00:00 2001
From: nervuri <seva@nervuri.net>
Date: Sat, 4 Jun 2022 00:00:00 +0000
Subject: [PATCH] check record type; reject non-TLS connections

---
 server.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server.go b/server.go
index 89359a3..e174aba 100644
--- a/server.go
+++ b/server.go
@@ -138,6 +138,10 @@ func peek(conn net.Conn, tlsConfig *tls.Config) {
 		log.Println(err)
 		return
 	}
+	if buf.Bytes()[0] != 0x16 {
+		// Not a Client Hello message.
+		return
+	}
 	length := binary.BigEndian.Uint16(buf.Bytes()[3:5])
 	_, err = io.CopyN(&buf, conn, int64(length))
 	if err != nil {