2 matches found
TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
...
httpd: mod_ssl: access control bypass when using per-location client certification authentication
A flaw was found in Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38. A bug in modssl, when using per-location client certificate verification with TLSv1.3, allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. An attacker could perform vario...