andrei/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-06-15 02:00:09 +07:00
Code Issues Packages Projects Releases Wiki Activity

security: harden handshake/masking flows and add adversarial regressions

Browse Source 
- forward valid-TLS/invalid-MTProto clients to mask backend in both client paths\n- harden TLS validation against timing and clock edge cases\n- move replay tracking behind successful authentication to avoid cache pollution\n- tighten secret decoding and key-material handling paths\n- add dedicated security test modules for tls/client/handshake/masking\n- include production-path regression for ClientHandler fallback behavior
This commit is contained in:
David Osipov
2026-03-16 20:04:41 +04:00
parent dcab19a64f
commit 6ffbc51fb0
11 changed files with 2669 additions and 502 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.cargo/deny.toml
+1 -1
View File
@@ -12,4 +12,4 @@ reason = "MUST VERIFY: Only allowed for legacy checksums, never for security."
[[bans.skip]]
name = "sha1"
version = "*"
reason = "MUST VERIFY: Only allowed for backwards compatibility."
reason = "MUST VERIFY: Only allowed for backwards compatibility."