From theregister.com
![keys hanging from ceiling](https://regmedia.co.uk/2019/01/22/shuttertsock_key.jpg?x=648&y=324&crop=1)
GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack.
The TLS handshake requires two round-trips between client and server to establish a secure connection. Session tickets provide a way to resume previously established connections with only one round-trip. But this convenience comes at a cost – it’s less secure, as described by Google cryptographer Filippo Valsorda.