Using it opens a number of cans of worms that are vulnerable to attacks, as either session tickets or session data needs to be stored "to remember" the first round-trip of the previously opened secure channel. The only real reason for this to be used is to halve the number of negotiation roundtrips to make the repeated setup of the secure channel(s) less of a performance issue. IIRC, although everyone seems to think that TLS session resume makes the server or the session more secure, it in fact is to a certain degree the opposite as well.
I wanted to chime in on this as I have encountered it before in other contexts (not FluentFTP). I think this could definitely be right, but I am not sure.
0 kommentar(er)
