From 385408732e4b3934d4bf14b1628f4b21a646875c Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Tue, 10 Mar 2020 18:40:18 +0300
Subject: [PATCH] Fixed nonce in short packet protection.

---
 src/event/ngx_event_quic.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 6ea9d23ed..55eea0137 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -758,7 +758,9 @@ ngx_quic_create_short_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,
     }
 
     nonce = ngx_pstrdup(c->pool, &pkt->secret->iv);
-    if (pkt->level == ssl_encryption_handshake) {
+    if (pkt->level == ssl_encryption_handshake
+        || pkt->level == ssl_encryption_application)
+    {
         nonce[11] ^= (*pkt->number - 1);
     }