15 min listen
The Cloudflare mTLS vulnerability - A Deep Dive Analysis
The Cloudflare mTLS vulnerability - A Deep Dive Analysis
ratings:
Length:
43 minutes
Released:
Apr 6, 2023
Format:
Podcast episode
Description
Cloudflare released a blog detailing a vulnerability that has been in their system for nearly two years. it is related to mTLS or mutual TLS and specifically client certificate revocation. I explore this in details
0:00 Intro
3:00 The Vulnerability
7:00 What happened?
8:50 Certificate Revocation
12:30 Rejecting certain endpoints
17:00 Certificate Authentication
20:30 Certificate serial number
24:00 Session Resumption (PSK)
35:00 The bug
37:00 How they addressed the problem
Fundamentals of Backend Engineering Design patterns udemy course (link redirects to udemy with coupon)
https://backend.husseinnasser.com
0:00 Intro
3:00 The Vulnerability
7:00 What happened?
8:50 Certificate Revocation
12:30 Rejecting certain endpoints
17:00 Certificate Authentication
20:30 Certificate serial number
24:00 Session Resumption (PSK)
35:00 The bug
37:00 How they addressed the problem
Fundamentals of Backend Engineering Design patterns udemy course (link redirects to udemy with coupon)
https://backend.husseinnasser.com
Released:
Apr 6, 2023
Format:
Podcast episode
Titles in the series (100)
Episode 01 - Sync vs aSync by The Backend Engineering Show with Hussein Nasser