From 7bbed133ee9377535a468f8e7539398ba9b83068 Mon Sep 17 00:00:00 2001
From: lie-must-die <liemustdie@icloud.com>
Date: Sun, 19 Apr 2026 12:40:10 +0300
Subject: [PATCH] Add RejectHandshake variant for TLS configuration

Added a new variant 'RejectHandshake' to handle TLS handshake rejection with a specific alert.
---
 src/config/types.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/config/types.rs b/src/config/types.rs
index 2eede6d..9914b63 100644
--- a/src/config/types.rs
+++ b/src/config/types.rs
@@ -1571,6 +1571,13 @@ pub enum UnknownSniAction {
     Drop,
     Mask,
     Accept,
+    /// Reject the TLS handshake by sending a fatal `unrecognized_name` alert
+    /// (RFC 6066, AlertDescription = 112) before closing the connection.
+    /// Mimics nginx `ssl_reject_handshake on;` behavior on the default vhost —
+    /// the wire response indistinguishable from a stock modern web server
+    /// that simply does not host the requested name.
+    #[serde(rename = "reject_handshake")]
+    RejectHandshake,
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]