Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Secure against triple handshake attacks #3

Open
lvh opened this Issue · 0 comments

1 participant

@lvh
Owner
lvh commented

We should defend against new triple handshake attacks on TLS. I would suggest just disabling session resumption; this is easier to test than testing if session resumption validates the server cert in exactly the same way.

We're probably only at least partially vulnerable because we only support PFS ciphersuites. A variant of the attack still works, but only for specific broken DHE groups.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.