The Cloudflare mTLS vulnerability - A Deep Dive Analysis

The Backend Engineering Show with Hussein Nasser

Cloudflare's Fix for Session Resumption

The vulnerability resulted from a bug whereby certificate revocations were not checked for session resumption. Instead of rolling their own data structure to store the certificate themselves and relying on manually updating that, they're just relying on the underlying X509 certificate to always get us this. In March 2021, we introduced the new feature, right? The ability to revoke mTLS certificates in December 16, right? And they tell you the exact same terms.
