Hi,

the attack described in https://secure-resumption.com/ also breaks the TLS channel binding tls-unique (RFC 5929).

I would still like to use tls-unique for channel binding as defined in SCRAM (RFC 5802). Can OpenSSL be used for channel binding and protect against this attack if session caching is disabled?

    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

Is it necessary to disable resumption using a different function?

Kind regards,
Fedor Brunner

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org