Add RejectHandshake variant for TLS configuration

Added a new variant 'RejectHandshake' to handle TLS handshake rejection with a specific alert.
2026-04-19 19:44:11 +03:00 · 2026-04-19 12:40:10 +03:00
parent f1bf95a7de
commit 7bbed133ee
1 changed files with 7 additions and 0 deletions
--- a/src/config/types.rs
+++ b/src/config/types.rs
@@ -1571,6 +1571,13 @@ pub enum UnknownSniAction {
    Drop,
    Mask,
    Accept,
+    /// Reject the TLS handshake by sending a fatal `unrecognized_name` alert
+    /// (RFC 6066, AlertDescription = 112) before closing the connection.
+    /// Mimics nginx `ssl_reject_handshake on;` behavior on the default vhost —
+    /// the wire response indistinguishable from a stock modern web server
+    /// that simply does not host the requested name.
+    #[serde(rename = "reject_handshake")]
+    RejectHandshake,
 }

 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]