Lily Wilson

client test should check for vulnerability to forward secrecy rollback attack against NSS

Discussion created by Lily Wilson on May 9, 2015

section V-C of https://www.smacktls.com/smack.pdf describes a forward-secrecy rollback attack against clients that use NSS <3.19 or certain versions of openssl and do false start. it'd probably be good for the client test to check for this vulnerability.

Outcomes