A resumption PSK is bound to a particular hash function. We don't check on the client that the cipher suite the server chooses is consistent with the PSK.
New patch: https://nss-dev.phacility.com/D79
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28
You need to log in before you can comment on or make changes to this bug.