Skip to content

Disable session resumption #10

Open
lvh opened this Issue Mar 4, 2014 · 0 comments

1 participant

@lvh
Crypto 101 member
lvh commented Mar 4, 2014

We may potentially be vulnerable to session resumption attacks, such as:

https://secure-resumption.com/

... since we use client certs extensively. It appears that just completely disabling session resumption would prevent this. A bit of an elephant gun, perhaps, but whatever.

@lvh lvh added the bug label Mar 4, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.