On Wed, Jan 04, 2017 at 03:48:25PM -0600, Benjamin Kaduk wrote: > On 01/03/2017 10:38 PM, Martin Thomson wrote: > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > > When a server has valid credentials for multiple server names, and at > least one of those names could also be served by valid credentials on a > different server, it may be possible for an attacker > to replay traffic from a client intended for the second server against > the first server, including 0-RTT data. This behavior can be avoided if > the server knows what server name is expected for a given request (e.g., > via an HTTP Host header) and verifies that the supplied SNI extension > matches the expected server name, though in some cases the mismatch is > harmless. > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Checking that Host/:authority and SNI match does not work properly for HTTP/2. There, if you want to avoid default-vhost attacks, you have to check :authority (Host) without reference to SNI. -Ilari _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
