Descriptionnet: only False Start with forward secret servers.
Bodo made the point that we originally sacrificed an aspect of forward secrecy
in order to use False Start widely. Specifically, an attacker can alter the
handshake and cause a non-forward secure ciphersuite to be selected and the
client's initial write will not be forward secret.
Since we are no longer trying to use False Start everywhere, we can close that
gap by only allowing it for forward secret connections.
This change also addresses follow up comments on
https://chromiumcodereview.appspot.com/10014010/ and adds the patch file that
was missing in that change.
BUG=none
TEST=net_unittests
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=133255
Patch Set 1 #
Total comments: 2
Patch Set 2 : ... #
Messages
Total messages: 5 (0 generated)
|