Message310420
For example an invalid host name should invalidate the session until #31399 is resolved. Any TLS protocol violation should also invalidate the session. If somebody messes with the connection or the TLS protocol encounters a problem during MAC validation, the connection must be considered as tainted.
Some exception may be fine. IMO it's still safer hard-close the connection on any exceptions.
I agree with you. Let's not guess and ask some experts. I'm having meetings with security engineers from GnuTLS and NSS next week. I'll ask them. |
|
Date |
User |
Action |
Args |
2018-01-22 12:06:35 | christian.heimes | set | recipients:
+ christian.heimes, vstinner, alex, njs, martin.panter, cheryl.sabella |
2018-01-22 12:06:35 | christian.heimes | set | messageid: <1516622795.53.0.467229070634.issue27815@psf.upfronthosting.co.za> |
2018-01-22 12:06:35 | christian.heimes | link | issue27815 messages |
2018-01-22 12:06:35 | christian.heimes | create | |
|