GnuTLS was using an all-zero key for encrypting TLS session tickets. Whoops.
FFS can we just deprecate session resumption already? It's not worth the risks.
Thankfully either side (client or server) can unilaterally refuse to use it, so there are lots of paths to push for deprecation.
TLS 1.3 already goes a long way towards that and most people aren't trying to use 0-RTT. There will be even less reason to care about it with QUIC since it puts the TLS handshake into the equivalent of the TCP handshake as long as the certificates aren't too bloated.
With QUIC, if you don't use bloated certificates, you don't need any extra round trip for TLS anyway without needing the scary 0-RTT feature. 0-RTT is pretty fucking sketchy by the way. It would be safe to use with HTTP GET with how I implement services but not the way most do...
I'm really not interested in hearing about Google's goofy attempt to replace standard protocols for the sake of making hideously bloated websites less disincentivized by bad UX.
QUIC refers to the IETF protocol. Google's proof of concept protocol is referred to as gQUIC now. HTTP/3 is essentially HTTP/2 over QUIC with minor changes to deal with running on top of a multiplexed protocol. It won't be any less standard than other protocols.


