Client should validate cipher suite on resumption

RESOLVED FIXED in 3.28

Status

NSS
Libraries
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: mt, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
A resumption PSK is bound to a particular hash function.  We don't check on the client that the cipher suite the server chooses is consistent with the PSK.
(Reporter)

Updated

2 years ago
See Also: → bug 1309054
(Reporter)

Comment 3

2 years ago
https://hg.mozilla.org/projects/nss/rev/bc7eeb21be3202a48b8957425bb093561bbcf40a
https://hg.mozilla.org/projects/nss/rev/52af7773f3623c9fe088c0a3d9540bbf57544fa7
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28
You need to log in before you can comment on or make changes to this bug.