
GnuTLS TLS 1.3 session resumption works without master key, allowing MITM - Sami_Lehtinen
https://gitlab.com/gnutls/gnutls/-/issues/1011
======
yourad_io
Any ideas which software uses gnutls by default? I couldn't figure it out.

~~~
fardelian
[https://en.wikipedia.org/wiki/GnuTLS#Deployment](https://en.wikipedia.org/wiki/GnuTLS#Deployment)

>Software packages using GnuTLS include(d):

    
    
        GNOME
        CenterIM
        Exim
        Weechat
        Mutt
        Wireshark
        slrn
        Lynx
        CUPS
        gnoMint
        GNU Emacs
        Synology DiskStation Manager
        OpenConnect

------
chaz6
This seems to be in the GnuTLS implementation and not the specification itself
as the title led me to believe.

~~~
bpfrh
Agreed, would be better if the title would be changed to "MITM flaw in Gnutls
implementation of TLS 1.2 & 1.3"

