Closed
Bug 1444050
Opened 6 years ago
Closed 6 years ago
Abort if the server picks TLS 1.2 but SH.session_id_echo equals the fake SID
Categories
(NSS :: Libraries, enhancement, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.37
People
(Reporter: ttaubert, Assigned: ttaubert)
Details
Attachments
(1 file)
This is for BoGo test EchoTLS13CompatibilitySessionID: The client wants to establish a connection with max_version=1.3 in compat mode and sends a fake SID. The server picks 1.2 but echos the fake SID.
Assignee | ||
Updated•6 years ago
|
Summary: Abort if the server picks TLS 1.2 but SH.legacy_session_id_echo equals the fake SID → Abort if the server picks TLS 1.2 but SH.session_id_echo equals the fake SID
Comment 1•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Priority: -- → P2
Comment 2•6 years ago
|
||
Comment on attachment 8957107 [details] Bug 1444050 - Abort if the server picks TLS 1.2 but SH.session_id equals the fake SID r=ekr Martin Thomson [:mt:] has approved the revision. https://phabricator.services.mozilla.com/D698
Attachment #8957107 -
Flags: review+
Assignee | ||
Comment 3•6 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/c329a8089a7c
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.37
Assignee | ||
Comment 4•6 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/6736b502665a
You need to log in
before you can comment on or make changes to this bug.
Description
•