The Cloudflare mTLS vulnerability - A Deep Dive Analysis
The Backend Engineering Show with Hussein Nasser
00:00
TLS Session Resumption
The serial number is a tiny one, like 20 bytes. It's still way smaller than the minimum requirement for the elliptic curve digital signature public key. So they're using this for performance reasons, right? Understand this stuff. But what does this have to do with TLS session resumption? I'm trying to summarize all that and then I'll add my own thoughts on it.
Transcript
Play full episode
