Home / Companies / Cloudflare / Blog / Post Details
Content Deep Dive

Resolving a Mutual TLS session resumption vulnerability

Blog post from Cloudflare

Post Details
Company
Date Published
Author
Matt Bullock, Rushil Mehra, Alessandro Ghedini
Word Count
1,331
Company Posts That Month
14
Language
English
Hacker News Points
-
Post removed?
No
Summary

The Cloudflare Mutual TLS (mTLS) implementation was found to have a vulnerability in its session resumption handling, which allowed attackers to bypass mTLS authentication and access protected resources. The vulnerability was reported via Cloudflare's Bug Bounty Program and was tracked as CVE-2025-23419. Cloudflare mitigated the issue within 32 hours after being notified by disabling TLS session resumption for all customers using mTLS. Customers can implement mTLS through Cloudflare API Shield with Custom Firewall Rules and the Cloudflare Zero Trust product suite, which establishes a secure connection between the client and server. The vulnerability was caused by an incorrect use of BoringSSL's session cache partitioning API, which allowed attackers to reuse cached client certificates without re-validating them against the full certificate chain. To mitigate this issue, Cloudflare has added additional logging headers to its logs, allowing customers to detect future issues and enforce stricter authentication policies.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Zero Trust 2 79 22 15 +11%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.