A team of researchers has published a paper that explains a number of attacks against websites and Web-based applications running TLS. The paper, called Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS, describes in detail how an attacker can use a man-in-the-middle attack to successfully impersonate a TLS client in attacks against TLS renegotiations, wireless networks, challenge-response protocols and channel-bound cookies. The researchers say their attacks work against leading browsers, VPN applications, and HTTPS libraries.
Source: https://threatpost.com/triple-handshake-attacks-target-tls-resumption-renegotiation/104603/