The attack checks whether, during TLS/SSL key exchange, the client
explicitly verifies that the server possesses the private key
corresponding to the SSL certificate the server presented to the
client. The client is supposed to check this explicitly when the
key exchange requires the server to generate and sign a
ServerKeyExchange message. For example, cipher suites using
ephemeral (EC)DH key exchange and RSA_EXPORT cipher suites fall
into this category.
If the client does not perform the check, the connection is
MiTMable.
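
The client-side check described above, as an added example that is not part of the original page or of any TLS library. It assumes the TLS 1.2 layout (signature over client_random, server_random and the key exchange params) with RSA PKCS#1 v1.5 and SHA-256; the key, the sample bytes and all function names are constructed for illustration.

```python
import hashlib

# Constructed demo RSA key built from two well-known primes (512-bit: demo only).
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def modulus_len(n: int) -> int:
    return (n.bit_length() + 7) // 8

def emsa_pkcs1_v15(msg: bytes, k: int) -> bytes:
    """Expected k-byte encoding: 00 01 FF..FF 00 DigestInfo(SHA-256(msg))."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def signed_input(client_random: bytes, server_random: bytes, params: bytes) -> bytes:
    # TLS 1.2 signs both hello randoms followed by the raw key exchange params.
    return client_random + server_random + params

def sign_ske(client_random, server_random, params) -> bytes:
    """Server side, demo key only: sign the params with the certificate's private key."""
    k = modulus_len(N)
    em = emsa_pkcs1_v15(signed_input(client_random, server_random, params), k)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(k, "big")

def verify_ske(cert_pub, client_random, server_random, params, sig) -> bool:
    """Client side: accept params only if sig verifies under the certificate key."""
    n, e = cert_pub
    k = modulus_len(n)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Re-encode and compare whole blocks instead of parsing the padding.
    return recovered == emsa_pkcs1_v15(
        signed_input(client_random, server_random, params), k)

if __name__ == "__main__":
    cr, sr = bytes(range(32)), bytes(range(32, 64))       # constructed randoms
    params = b"\x03\x00\x17\x41\x04" + b"\x11" * 64        # constructed ECDH params
    sig = sign_ske(cr, sr, params)
    print("genuine params :", verify_ske((N, E), cr, sr, params, sig))
    swapped = b"\x03\x00\x17\x41\x04" + b"\x22" * 64        # substituted in transit
    print("swapped params :", verify_ske((N, E), cr, sr, swapped, sig))
```

A client that skips `verify_ske` would proceed with the substituted params; because both hello randoms are part of the signed input, a signature captured from another handshake also fails the check.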