SMT2 formal verification of security-critical code paths
CVE-2026-32305 class: TLS/mTLS policy selection must be robust to a ClientHello fragmented across TLS records, and must not rely on a single-record SNI peek, which can yield an empty SNI and fall back to the weaker default TLS config. This check also catches sibling variants where pre-sniff routing is decoupled from full-handshake parsing under fragmented records.
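; benchmark generated from python API
(set-info :status unknown)
; 1 encodes "policy selection is safe under a fragmented ClientHello".
(declare-fun fragmented_clienthello_sni_safe () Int)
; The two bounds below pin the flag to exactly 1.
(assert
(<= fragmented_clienthello_sni_safe 1))
(assert
(>= fragmented_clienthello_sni_safe 1))
; Negated property: with the bounds above, the assertions are jointly unsatisfiable.
(assert
(and (distinct fragmented_clienthello_sni_safe 1) true))
(check-sat)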
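
The single-record SNI peek described above, next to a path that reassembles handshake records and fails closed, as an added example (not code from the benchmark or from any affected project). The policy table, host name, policy labels and the function names are hypothetical, and the ClientHello bytes are constructed inline.

```python
import struct

POLICIES = {"admin.example.test": "mtls-required"}  # hypothetical policy table

def build_client_hello(host):
    """Constructed minimal ClientHello handshake message with one SNI entry."""
    name = b"\x00" + struct.pack(">H", len(host)) + host
    sni = struct.pack(">HHH", 0, len(name) + 2, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack(">H", len(sni)) + sni)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def records(msg, cut):
    """Wrap msg in TLS handshake records, split at offset cut (0 = one record)."""
    parts = [msg[:cut], msg[cut:]] if 0 < cut < len(msg) else [msg]
    return [b"\x16\x03\x01" + struct.pack(">H", len(p)) + p for p in parts]

def parse_sni(hs):
    """SNI host; "" if the complete hello has none; None if incomplete/malformed."""
    if len(hs) < 4 or hs[0] != 1 or len(hs) < 4 + int.from_bytes(hs[1:4], "big"):
        return None
    b = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        i = 34                                      # version + random
        i += 1 + b[i]                               # session_id
        i += 2 + int.from_bytes(b[i:i + 2], "big")  # cipher_suites
        i += 1 + b[i]                               # compression_methods
        end = i + 2 + int.from_bytes(b[i:i + 2], "big")
        i += 2
        while i + 4 <= end:
            etype, elen = struct.unpack(">HH", b[i:i + 4])
            if etype == 0:                          # server_name extension
                n = int.from_bytes(b[i + 7:i + 9], "big")
                return b[i + 9:i + 9 + n].decode("ascii")
            i += 4 + elen
        return ""
    except (IndexError, struct.error, UnicodeDecodeError):
        return None

def select_policy(recs, reassemble):
    """reassemble=False models the single-record peek; True is the hardened path."""
    payloads = [r[5:] for r in recs if r[0] == 0x16]
    sni = parse_sni(b"".join(payloads) if reassemble else payloads[0])
    if sni is None:
        if reassemble:
            return "reject"          # fail closed: never guess a policy
        sni = ""                     # weak pattern: unknown treated as empty SNI
    return POLICIES.get(sni, "default-tls")
```

In a live listener the hardened path would keep reading records until the handshake length is satisfied or a size or time limit is hit, and only then reject.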