google / nogotofail

An on-path blackbox network traffic security testing tool
Apache License 2.0
2.94k stars 418 forks

TLS/SSL attack using server private key replacement. #55

Closed klyubin closed 9 years ago

klyubin commented 9 years ago

The attack checks whether during TLS/SSL key exchange the client explicitly checks that the server possesses the private key corresponding to the SSL certificate the server presented to the client. The client is supposed to explicitly check this when the key exchange requires the server to generate and sign a ServerKeyExchange message. For example, cipher suites using ephemeral (EC)DH key exchange and RSA_EXPORT cipher suites fall into this category.

If the client does not perform the check, the connection is MiTMable.
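The client-side check the issue is about, shown as an added example in Go; this is not nogotofail's own code and not how the tool implements the attack. It models the TLS 1.2 DHE case: the server signs client_random || server_random || ServerDHParams in ServerKeyExchange, and a correct client verifies that signature under the public key from the certificate it was shown. The function names, the constructed DH parameter bytes, and the choice of RSA PKCS#1 v1.5 with SHA-256 are assumptions made for the illustration. A server that presents a certificate but signs with a different (replaced) private key fails the check; a client that skips the check cannot tell the two apart.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ServerDHParams mirrors the TLS 1.2 ServerDHParams struct (RFC 5246, 7.4.3):
// dh_p, dh_g and dh_Ys, each sent as an opaque <1..2^16-1> vector.
type ServerDHParams struct {
	P, G, Ys []byte
}

// signedInput builds client_random || server_random || ServerDHParams, the
// bytes the server signs in a DHE ServerKeyExchange (length-prefixed vectors).
func signedInput(clientRandom, serverRandom [32]byte, p ServerDHParams) []byte {
	buf := append([]byte{}, clientRandom[:]...)
	buf = append(buf, serverRandom[:]...)
	for _, v := range [][]byte{p.P, p.G, p.Ys} {
		var l [2]byte
		binary.BigEndian.PutUint16(l[:], uint16(len(v)))
		buf = append(buf, l[:]...)
		buf = append(buf, v...)
	}
	return buf
}

// signServerKeyExchange is the server side: sign the exchange parameters with
// the private key that is supposed to belong to the presented certificate.
// rsa_pkcs1_sha256 is assumed here for the illustration.
func signServerKeyExchange(priv *rsa.PrivateKey, clientRandom, serverRandom [32]byte, p ServerDHParams) ([]byte, error) {
	digest := sha256.Sum256(signedInput(clientRandom, serverRandom, p))
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyServerKeyExchange is the client-side check the issue describes: the
// signature must verify under the public key taken from the server's
// certificate. A client that skips this step cannot distinguish a server
// holding the real private key from one that merely forwarded the certificate.
func verifyServerKeyExchange(certPub *rsa.PublicKey, clientRandom, serverRandom [32]byte, p ServerDHParams, sig []byte) error {
	digest := sha256.Sum256(signedInput(clientRandom, serverRandom, p))
	if err := rsa.VerifyPKCS1v15(certPub, crypto.SHA256, digest[:], sig); err != nil {
		return errors.New("ServerKeyExchange signature does not verify under the certificate's public key")
	}
	return nil
}

// simulate runs the check against an honest server (signs with the key behind
// its certificate) and against a server that presents the same certificate but
// signs with a different, replaced key. It returns whether each is accepted.
func simulate() (bool, bool, error) {
	certKey, err := rsa.GenerateKey(rand.Reader, 2048) // key behind the certificate
	if err != nil {
		return false, false, err
	}
	replacedKey, err := rsa.GenerateKey(rand.Reader, 2048) // key that does not match the cert
	if err != nil {
		return false, false, err
	}
	var clientRandom, serverRandom [32]byte
	if _, err = rand.Read(clientRandom[:]); err != nil {
		return false, false, err
	}
	if _, err = rand.Read(serverRandom[:]); err != nil {
		return false, false, err
	}
	// Constructed placeholder DH parameters: only their encoding matters for
	// the signature check, so they are not a real group.
	params := ServerDHParams{
		P:  bytes.Repeat([]byte{0xff}, 256),
		G:  []byte{2},
		Ys: bytes.Repeat([]byte{0x42}, 256),
	}
	sigHonest, err := signServerKeyExchange(certKey, clientRandom, serverRandom, params)
	if err != nil {
		return false, false, err
	}
	sigReplaced, err := signServerKeyExchange(replacedKey, clientRandom, serverRandom, params)
	if err != nil {
		return false, false, err
	}
	// Both are verified under the certificate's key, as a correct client would do.
	honest := verifyServerKeyExchange(&certKey.PublicKey, clientRandom, serverRandom, params, sigHonest) == nil
	replaced := verifyServerKeyExchange(&certKey.PublicKey, clientRandom, serverRandom, params, sigReplaced) == nil
	return honest, replaced, nil
}

func main() {
	honest, replaced, err := simulate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest server accepted: %v\nkey-replaced server accepted: %v\n", honest, replaced)
}
```

Running it prints that the honest server is accepted and the key-replaced server is rejected. A client that never calls the verification step (or ignores its error) accepts both, which is exactly the weakness the test case looks for.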

chadbrubaker commented 9 years ago

Works for me, improved selection is still on my todo list