author Jeremy Harris <jgh146exb@wizmail.org> 2021-01-10 20:10:21 +0000
committer Jeremy Harris <jgh146exb@wizmail.org> 2021-01-10 23:13:59 +0000
commit caa2a7c81d19907a6125438bc1e71b6a2f5e16d6
tree 230974f6ee9ae1c409dd2fdc70c07b81a4c4af97 /doc
parent fc96555ab63243de9d468325aeaaa14cd77b9943
channel binding notes
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-docbook/spec.xfpt 4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index bb053ed78..4c79e87cf 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -28181,6 +28181,10 @@ supplied by the server.
.option server_channelbinding gsasl boolean false
Do not set this true and rely on the properties
without consulting a cryptographic engineer.
+. Unsure what that's about. It might be the "Triple Handshake"
+. vulnerability; cf. https://www.mitls.org/pages/attacks/3SHAKE
+. If so, we're ok, requiring Extended Master Secret if TLS
+. Session Resumption was used.
Some authentication mechanisms are able to use external context at both ends
of the session to bind the authentication to that context, and fail the
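Review bot: The four added ". " lines under server_channelbinding record a guess rather than a finding ("Unsure what that's about", "It might be", "If so, we're ok"), and they sit directly below a warning that tells the reader not to rely on the option "without consulting a cryptographic engineer". Either confirm that the Triple Handshake issue is what the warning refers to and say so plainly, or mark the note as an open question so a later reader does not take "we're ok" as a reviewed conclusion. The statement "requiring Extended Master Secret if TLS Session Resumption was used" also names no place where that requirement is enforced; pointing at the check or the relevant option would let someone verify it. If the conclusion does hold, consider updating the reader-facing warning text as well, since this change leaves it exactly as it was.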