On Tue, Mar 04, 2014, Fedor Brunner wrote: > > Hi, > the attack described in https://secure-resumption.com/ breaks also tls > channel binding tls-unique RFC 5929. > > I would still like to use tls-unique for channel binding as defined in > SCRAM (RFC 5802). Can OpenSSL be used for channel binding and protect > against this attack if the session caching is disabled? > > SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) > > Is it necessary to disable resumption using a different function? >
You'd also need to disable session tickets too. Note the initiial phase of the attack requires that the attacker possess a private key and certificate the client trusts. I'd be interested to know how that could happen under your circumstances. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
