Cloudflare mTLS client certificate revocation vulnerability with TLS Session Resumption
Cloudflare mTLS client certificate revocation vulnerability with TLS Session Resumption
04 April 2023
Upon realizing that session resumption led to the inability to properly check revocation status, Cloudflare responded by first disabling session resumption for all mTLS connections. This blocked the vulnerability immediately.