The Backend Engineering Show with Hussein Nasser

The Cloudflare mTLS vulnerability - A Deep Dive Analysis

Apr 6, 2023

43:13

Creator website

AI Chapters

Episode notes

Introduction

3min

CloudFlare's MTLS Client Certificate Revocation Vulnerability With TLS Session Resumption

4min

Cloudflare Discovered a Vulnerability That Prevented Some Users With Revoked Certificates From Resuming a Session via Mutual TLS

3min

How to Revocation a Client Certificate

3min

Cloudfare's Certificate Rejection Check

2min

How to Use Client Certificates to Authenticate Users

4min

Cloudflare Dashboard: How to Revoke a Client Certificate

3min

How to Trust Root Certificates

2min

The Difference Between the Serial Number and the Public Key

2min

10.

TLS Session Resumption

2min

11.

TLS Session Resumption and Legoland

2min

12.

The Stateless Way to Encrypt a Session

3min

13.

How to Decrypt a Session Ticket

2min

14.

The Importance of Session Resumption

3min

15.

How to Safely Re-Enable Resumption for MTLs

2min

16.

Cloudfit's Fix for Session Resumption

3min

17.

Cloudflare's Fix for Session Resumption and Revocation

2min

Cloudflare released a blog detailing a vulnerability that has been in their system for nearly two years. it is related to mTLS or mutual TLS and specifically client certificate revocation. I explore this in details 0:00 Intro 3:00 The Vulnerability 7:00 What happened? 8:50 Certificate Revocation 12:30 Rejecting certain endpoints 17:00 Certificate Authentication 20:30 Certificate serial number 24:00 Session Resumption (PSK) 35:00 The bug 37:00 How they addressed the problem Fundamentals of Backend Engineering Design patterns udemy course (link redirects to udemy with coupon) https://backend.husseinnasser.com

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.