Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow use of secure session only #199

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

tmandke
Copy link

@tmandke tmandke commented Mar 28, 2023

This change allows the disabling of fallback used to access old, insecure sessions, and rewrite them as secure sessions. The fallback was originally added as part of the mitigation of CVE-2019-25025 several years back.

Motivation

This fallback mechanism was added 4 years ago. In many cases, or at least in our case, the expiry on old, insecure, sessions has long since passed. We'd like the ability to disable the fallback entirely as it will never be a valid path for us.

@tmandke tmandke force-pushed the optional-insecure-session-fallback branch from 23ccf4f to 0eb5495 Compare March 28, 2023 17:48
@stevenharman stevenharman force-pushed the optional-insecure-session-fallback branch from 0eb5495 to 0db1d35 Compare November 3, 2023 15:01
@stevenharman stevenharman force-pushed the optional-insecure-session-fallback branch from 0db1d35 to 7743696 Compare November 3, 2023 15:03
@stevenharman
Copy link

👋 Hello! Anything we can do to help this one along? We'd love to get back on the mainline version.

Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants