Issue metadata
Sign in to add a comment
|
QUIC server configs may be cached for too long |
||||||||||||||||||||
Issue descriptionIf a MITM intercepts a REJ and replaced the TTL value with a malicious value chrome will use the config for too long.
,
Nov 30 2016
,
Dec 1 2016
Your change meets the bar and is auto-approved for M56 (branch: 2924)
,
Dec 1 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4 commit f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4 Author: Ryan Hamilton <rch@chromium.org> Date: Thu Dec 01 19:01:29 2016 [m56 merge] Make QuicCryptoClientConfig only cache server configs for 1 week. Merge internal change: 140540620 BUG= 669671 Review-Url: https://codereview.chromium.org/2534303002 Cr-Commit-Position: refs/heads/master@{#435185} (cherry picked from commit f2585be417280721a8f00ec802ca50e01597295b) Review URL: https://codereview.chromium.org/2541163005 . Cr-Commit-Position: refs/branch-heads/2924@{#255} Cr-Branched-From: 3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059} [modify] https://crrev.com/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4/net/quic/core/crypto/quic_crypto_client_config.cc [modify] https://crrev.com/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4/net/quic/core/crypto/quic_crypto_client_config_test.cc [modify] https://crrev.com/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4/net/quic/core/quic_time.h
,
Mar 24 2017
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by bugdroid1@chromium.org
, Nov 30 2016