Everand Logo

Welcome to Everand!

  • Discover this podcast and so much more

    Podcasts are free to enjoy without a subscription. We also offer ebooks, audiobooks, and so much more for just $11.99/month.

    The Cloudflare mTLS vulnerability - A Deep Dive Analysis

    The Cloudflare mTLS vulnerability - A Deep Dive Analysis

    FromThe Backend Engineering Show with Hussein Nasser

    Start listeningView podcast show

    The Cloudflare mTLS vulnerability - A Deep Dive Analysis

    FromThe Backend Engineering Show with Hussein Nasser

    ratings:
    Length:
    43 minutes
    Released:
    Apr 6, 2023
    Format:
    Podcast episode

    Description

    Cloudflare released a blog detailing a vulnerability that has been in their system for nearly two years. it is related to mTLS or mutual TLS and specifically client certificate revocation. I explore this in details

    0:00 Intro
    3:00 The Vulnerability
    7:00 What happened?
    8:50 Certificate Revocation
    12:30 Rejecting certain endpoints
    17:00 Certificate Authentication
    20:30 Certificate serial number
    24:00 Session Resumption (PSK)
    35:00 The bug
    37:00 How they addressed the problem




    Fundamentals of Backend Engineering Design patterns udemy course (link redirects to udemy with coupon)
    https://backend.husseinnasser.com
    Released:
    Apr 6, 2023
    Format:
    Podcast episode

    Titles in the series (100)

    Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering you’ve come to the right place. I discuss all sorts of software engineering technologies and news with specific focus on the backend. All opinions are my own. Most of my content in the podcast is an audio version of videos I post on my youtube channel here http://www.youtube.com/c/HusseinNasser-software-engineering Buy me a coffee https://www.buymeacoffee.com/hnasr ?‍? Courses I Teach https://husseinnasser.com/courses