aeris/cryptcheck

Forward Secrecy lost when TLS session tickets activated

Opened this issue 8 years ago · 1 comments

tdelmas commented 8 years ago

According to https://wiki.mozilla.org/Security/Server_Side_TLS#TLS_tickets_.28RFC_5077.29 and https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf , when TLS session tickets are activated, we lose Forward Secrecy.

So I think the report should emphasis that.

rugk commented 8 years ago

Another source: mozilla/server-side-tls#135

/cc @gene1wood @tomato42