Channel-Bound Cookies Implementation in nginx
|uname -a:||Linux ip-172-31-43-3 4.14.72-68.55.amzn1.x86_64 #1 SMP Fri Sep 28 21:14:54 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux|
I've just had a look at this post about a Chrome security vulnerability that allows stealing cookies, and since a possible mitigation to this technique of stealing cookies would be having TLS Channel-Bound Cookies (http://www.browserauth.net/channel-bound-cookies), I was wondering if there is any plan to implement this feature in nginx.
It would be particularly useful in a reverse-proxy configuration, so that nginx could validate the cookie before sending it to the backend app.