Forward Secrecy lost when TLS session tickets activated - Githubissues

aeris / cryptcheck

Verify some SSL/TLS website or XMPP implementation

GNU Affero General Public License v3.0

185 stars 20 forks source link

Forward Secrecy lost when TLS session tickets activated #21

Open tdelmas opened 8 years ago

tdelmas commented 8 years ago

According to https://wiki.mozilla.org/Security/Server_Side_TLS#TLS_tickets_.28RFC_5077.29 and https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf , when TLS session tickets are activated, we lose Forward Secrecy.

So I think the report should emphasis that.

rugk commented 8 years ago

Another source: https://github.com/mozilla/server-side-tls/issues/135

/cc @gene1wood @tomato42