Strong credibility of a vulnerability with TLS-SNI

Tonypaddy · October 9, 2018, 6:11am

tls-sni challenge disabled

[Identified] Update regarding TLS-SNI validation can be found here: 2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure

[Investigating] The tls-sni challenge has been disabled due to strong credibility of a vulnerability report.

tdelmas · October 9, 2018, 10:17am

Yes, it was posted there:

cpu · October 9, 2018, 3:02pm

This looks like it has been copy-pasted from the status.io update we posted in ~Jan 2018 when the vulnerability was initially reported to us.

@Tonypaddy Do you have a specific question in relation to the above?

system · November 8, 2018, 3:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
TLS-SNI challenges disabled for most new issuance API Announcements	4	17996	January 18, 2018
ACME TLS-SNI-01 validation disabled due to vulnerability Incidents	0	9523	January 10, 2018
TLS-SNI-01 validation is reaching end-of-life Help	28	5142	March 8, 2019
March 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support API Announcements	7	89427	March 15, 2019
What you need to know about TLS-SNI validation issues API Announcements	1	61068	January 18, 2018