We need to talk about TLS 1.2 Session Tickets and how they are the weakest link in modern TLS deployments.https://blog.filippo.io/we-need-to-talk-about-session-tickets/ …
-
Show this thread
Replying to @FiloSottile
Nice writeup, but missing the obvious solution til TLS 1.3 is widespread: clients should remove support for TLS 1.2 Session Tickets.
10:49 AM - 28 Sep 2017
0 replies
0 retweets
3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.