mirror of
https://github.com/telemt/telemt.git
synced 2026-05-17 00:16:20 +03:00
6ffbc51fb0
- forward valid-TLS/invalid-MTProto clients to mask backend in both client paths\n- harden TLS validation against timing and clock edge cases\n- move replay tracking behind successful authentication to avoid cache pollution\n- tighten secret decoding and key-material handling paths\n- add dedicated security test modules for tls/client/handshake/masking\n- include production-path regression for ClientHandler fallback behavior
16 lines
391 B
TOML
16 lines
391 B
TOML
[bans]
|
|
multiple-versions = "deny"
|
|
wildcards = "allow"
|
|
highlight = "all"
|
|
|
|
# Explicitly flag the weak cryptography so the agent is forced to justify its existence
|
|
[[bans.skip]]
|
|
name = "md-5"
|
|
version = "*"
|
|
reason = "MUST VERIFY: Only allowed for legacy checksums, never for security."
|
|
|
|
[[bans.skip]]
|
|
name = "sha1"
|
|
version = "*"
|
|
reason = "MUST VERIFY: Only allowed for backwards compatibility."
|