diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2021-01-10 20:10:21 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2021-01-10 23:13:59 +0000 |
| commit | caa2a7c81d19907a6125438bc1e71b6a2f5e16d6 (patch) | |
| tree | 230974f6ee9ae1c409dd2fdc70c07b81a4c4af97 /src | |
| parent | fc96555ab63243de9d468325aeaaa14cd77b9943 (diff) | |
channel binding notes
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/auths/gsasl_exim.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index 12713705b..afd745bd7 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -831,7 +831,8 @@ if (tls_out.channelbinding && ob->client_channelbinding) { # ifndef DISABLE_TLS_RESUME if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED) - { /* per RFC 7677 section 4 */ + { /* Per RFC 7677 section 4. See also RFC 7627, "Triple Handshake" + vulnerability, and https://www.mitls.org/pages/attacks/3SHAKE */ string_format(buffer, buffsize, "%s", "channel binding not usable on resumed TLS without extended-master-secret"); return FAIL; |