git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
channel binding notes
[exim.git]
/
src
/
src
/
auths
/
gsasl_exim.c
diff --git
a/src/src/auths/gsasl_exim.c
b/src/src/auths/gsasl_exim.c
index 12713705b4c1a776547e0c8773d305a471234568..afd745bd7f8269411abaf81cf6bbc1fe26f77d20 100644
(file)
--- a/
src/src/auths/gsasl_exim.c
+++ b/
src/src/auths/gsasl_exim.c
@@
-831,7
+831,8
@@
if (tls_out.channelbinding && ob->client_channelbinding)
{
# ifndef DISABLE_TLS_RESUME
if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)
- { /* per RFC 7677 section 4 */
+ { /* Per RFC 7677 section 4. See also RFC 7627, "Triple Handshake"
+ vulnerability, and https://www.mitls.org/pages/attacks/3SHAKE */
string_format(buffer, buffsize, "%s",
"channel binding not usable on resumed TLS without extended-master-secret");
return FAIL;
git://git.exim.org / exim.git / blobdiff