X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fauths%2Fgsasl_exim.c;h=afd745bd7f8269411abaf81cf6bbc1fe26f77d20;hb=ca22cc0abe93c28f3d296d99c239413bb0d079c4;hp=12713705b4c1a776547e0c8773d305a471234568;hpb=90c2ddb98a7ae6ce99fb8f6312abbe34b7f561ba;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c
index 12713705b..afd745bd7 100644
--- a/src/src/auths/gsasl_exim.c
+++ b/src/src/auths/gsasl_exim.c
@@ -831,7 +831,8 @@ if (tls_out.channelbinding && ob->client_channelbinding)
   {
 # ifndef DISABLE_TLS_RESUME
   if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)
-    {		/* per RFC 7677 section 4 */
+    {	/* Per RFC 7677 section 4.  See also RFC 7627, "Triple Handshake"
+	vulnerability, and https://www.mitls.org/pages/attacks/3SHAKE */
     string_format(buffer, buffsize, "%s",
       "channel binding not usable on resumed TLS without extended-master-secret");
     return FAIL;