From 7ab7c8957f12c613917fd540f12c68e19e884d74 Mon Sep 17 00:00:00 2001
From: Olivier Houchard
Date: Wed, 19 Nov 2025 18:34:07 +0100
Subject: [PATCH] MEDIUM: ssl: Don't restrict usage of early-data with no ALPN
In ssl_sock_io_cb(), immediately create the mux if we received early data even if we have not received an ALPN. At this point, if we have not received the ALPN, we will not receive one anyway, so we can just use the default mux (h1 when in mode HTTP, pt when in mode TCP). That way, we can immediately process early data even if the client sent not ALPN (which will happen if the client is haproxy with no ALPN on the server line).
---
 src/ssl_sock.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 40d5da29e..d6494ef55 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6852,9 +6852,7 @@ struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned int state)
 if ((ctx->conn->flags & CO_FL_ERROR) ||
 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)
 #ifdef SSL_READ_EARLY_DATA_SUCCESS
- || (b_data(&ctx->early_buf) && (ctx->flags & SSL_SOCK_F_HAS_ALPN ||
- (objt_listener(conn->target) &&
- __objt_listener(conn->target)->bind_conf->mux_proto)))
+ || b_data(&ctx->early_buf)
 #endif
 ) {
 int woke = 0;
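Review bot: The new test `|| b_data(&ctx->early_buf)` lets this block run while `CO_FL_SSL_WAIT_HS` is still set for any connection holding buffered early data, and nothing at the condition records why that is safe. The removed lines required either a negotiated ALPN or a listener with an explicit `mux_proto`, so the reasoning now lives only in the commit message; I would add a comment above the `#ifdef` such as `/* early data can only follow the ClientHello, so a missing ALPN is final and the default mux applies; this data is replayable until the handshake completes */`. It also looks like the dropped `objt_listener()` check was the only thing here tying the early-data case to frontend connections, so please confirm that `early_buf` can never be non-empty on a server-side connection. For TCP mode with the pt mux, the description does not say how replayed early data is kept away from non-idempotent backends, which is worth stating in the commit or the configuration documentation. The body of the `if` continues outside the hunk.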