@BRIAN_____ @scarybeasts If only we could go back in time and add ALPN support to all FTP over TLS clients.
@agl__ @BRIAN_____ @scarybeasts you mean require ALPN on the FTP server? why not just block on ALPN mismatch server-side?
-
-
@agl__@BRIAN_____@scarybeasts slowly adding ALPN to all clients and servers would mitigate without breakage -
@agl__@BRIAN_____@scarybeasts this particular attack would be blocked by blocking "http/1.1" and other incompat ALPN on FTPS servers - 6 more replies
New conversation -
-
-
@tehjh@BRIAN_____@scarybeasts Yes, you could have the server agree to negotiate the HTTP ALPNs just to return an HTTP error.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.