Open Bug 861311 Opened 11 years ago Updated 1 year ago

limit false start when changing ALPN negotiated protocols

Categories

(Core :: Security: PSM, enhancement, P3)

20 Branch
enhancement

People

(Reporter: mcmanus, Unassigned)

Details

(Whiteboard: [psm-backlog])

> In the future, we should try to limit the potential for the attacker to
> choose the protocol in the same way we limit the attacker's ability to
> choose the cipher suite.
>
> // XXX: An attacker can choose which protocols are advertised in the
> // NPN extension. [..] We should restrict the ability
> // of an attacker to leverage this capability by restricting false start
> // to the same protocol we previously saw for the server, after the
> // first successful connection to the server.
Priority: -- → P3
Summary: limit false start when changing NPN/ALPN negotiated protocols → limit false start when changing ALPN negotiated protocols
Severity: normal → S3
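
A sketch of the restriction the quoted comment proposes, as an added example that is not PSM or NSS code: a per-server record of the ALPN protocol from the last fully verified handshake, consulted before false start is permitted. The class, its method names, the host "example.test", and the choices to leave unknown servers unrestricted and to track the most recent verified protocol are all assumptions.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>

// Illustrative policy object; the class and method names are hypothetical
// and are not PSM or NSS identifiers.
class AlpnFalseStartPolicy {
 public:
  // Returns true if this rule permits false start for a handshake that
  // negotiated `proto` ("" means no ALPN protocol was selected).
  bool Allows(const std::string& host, int port, const std::string& proto) const {
    auto it = lastVerified_.find(std::make_pair(host, port));
    // Assumption: the restriction only starts after the first successful
    // connection, so an unknown server is not blocked by this rule.
    if (it == lastVerified_.end()) return true;
    // Known server: a different protocol must wait for the full handshake.
    return it->second == proto;
  }

  // Call only once the handshake has fully completed (server Finished
  // verified), never from the false-start path itself.
  // Assumption: the record tracks the most recent verified protocol.
  void RecordVerified(const std::string& host, int port, const std::string& proto) {
    lastVerified_[std::make_pair(host, port)] = proto;
  }

 private:
  std::map<std::pair<std::string, int>, std::string> lastVerified_;
};

// Constructed scenario: a server first seen with "h2", then a handshake
// in which "http/1.1" is selected instead.
bool DowngradeIsHeldBack() {
  AlpnFalseStartPolicy policy;
  policy.RecordVerified("example.test", 443, "h2");
  return !policy.Allows("example.test", 443, "http/1.1");
}

int main() {
  std::cout << (DowngradeIsHeldBack() ? "false start withheld\n"
                                      : "false start allowed\n");
  return 0;
}
```

This rule would sit alongside the existing cipher-suite checks for false start, not replace them.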