Auths: in plaintext authenticator, fix parsing of consecutive circuflex. Bug 2687
[user/henk/code/exim.git] / src / src / auths / gsasl_exim.c
index 12713705b4c1a776547e0c8773d305a471234568..afd745bd7f8269411abaf81cf6bbc1fe26f77d20 100644 (file)
@@ -831,7 +831,8 @@ if (tls_out.channelbinding && ob->client_channelbinding)
   {
 # ifndef DISABLE_TLS_RESUME
   if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)
-    {          /* per RFC 7677 section 4 */
+    {  /* Per RFC 7677 section 4.  See also RFC 7627, "Triple Handshake"
+       vulnerability, and https://www.mitls.org/pages/attacks/3SHAKE */
     string_format(buffer, buffsize, "%s",
       "channel binding not usable on resumed TLS without extended-master-secret");
     return FAIL;
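Review bot: The guard at the top of this hunk tests `tls_out.resumption == RESUME_USED`, which is only correct if `resumption` holds a single value; its definition is not visible here. If it is a set of flag bits, the equality is false whenever another bit is also set, and a resumed session without extended-master-secret would fall through to channel binding instead of returning FAIL. In that case test the bit instead: `if (!tls_out.ext_master_secret && (tls_out.resumption & RESUME_USED))`. The expanded comment would also hold up better if it gave the reason in words, since the URL may not outlive the code, e.g. `/* without EMS the channel-binding value is not tied to one connection across resumption (RFC 7627) */`. The enclosing `if (tls_out.channelbinding && ob->client_channelbinding)` block starts above the hunk and continues past its last line.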