MITM Attacks on Client Authentication after Resumption
There is a new TLS Triple Handshake attack.
It can affect client certificate authentication and the channel binding used in SCRAM-SHA-1-PLUS.
The attack exploits weaknesses in TLS session resumption. Details of the attack are described in https://secure-resumption.com/tlsauth.pdf by Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Alfredo Pironti and Pierre-Yves Strub.
The recommended mitigation is to disable TLS session resumption. Resumption is only a performance optimization, and the XMPP protocol uses long-lived TCP connections and performs a TLS key exchange only infrequently, so the performance impact should be very small. (HTTPS, by contrast, uses many short-lived TCP connections, especially when HTTP pipelining is not used.)
This also improves forward secrecy, because a full handshake producing a fresh session key would then be performed on each login (provided the XMPP server supports ciphers with forward secrecy).
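The following is an added example, not code from the advisory or from any XMPP server project. It uses Go's crypto/tls to show the weak setting beside the corrected one and to check the result the way an operator would want to: a loopback server is started twice, once with Go's default configuration (session tickets enabled) and once with SessionTicketsDisabled set, and a client that keeps a session cache connects twice to each; the second connection's DidResume flag tells whether the server still allows resumption. The host name xmpp.example and the self-signed certificate are placeholders constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Placeholder host name for the throwaway certificate (not from the advisory).
const demoHost = "xmpp.example"

// selfSignedCert builds a short-lived self-signed certificate for demoHost so
// the demo runs offline; returns the server credential and a pool trusting it.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: demoHost},
		DNSNames:              []string{demoHost},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(parsed)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// serverConfig mimics an XMPP server's TLS config. disableResumption=false is
// Go's default (tickets on, the weak setting); true sets SessionTicketsDisabled,
// which in crypto/tls switches off ticket and PSK resumption entirely, because
// a Go server offers no session-ID cache.
func serverConfig(cert tls.Certificate, disableResumption bool) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{cert},
		SessionTicketsDisabled: disableResumption,
	}
}

// serveN accepts n connections on a loopback listener, writes one byte on each
// (which also drives the handshake) and closes them.
func serveN(cfg *tls.Config, n int) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, err
	}
	go func() {
		for i := 0; i < n; i++ {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			c.Write([]byte{'x'})
			c.Close()
		}
	}()
	return ln, nil
}

// SecondConnectionResumes connects twice with a shared client session cache and
// reports whether the second handshake was a resumption.
func SecondConnectionResumes(cfg *tls.Config, pool *x509.CertPool) (bool, error) {
	ln, err := serveN(cfg, 2)
	if err != nil {
		return false, err
	}
	defer ln.Close()
	client := &tls.Config{
		RootCAs:            pool,
		ServerName:         demoHost,
		ClientSessionCache: tls.NewLRUClientSessionCache(8),
	}
	resumed := false
	for i := 0; i < 2; i++ {
		conn, err := tls.Dial("tcp", ln.Addr().String(), client)
		if err != nil {
			return false, err
		}
		// Reading the byte makes the client process a post-handshake
		// NewSessionTicket (TLS 1.3) before we inspect the connection state.
		if _, err := conn.Read(make([]byte, 1)); err != nil {
			conn.Close()
			return false, err
		}
		resumed = conn.ConnectionState().DidResume
		conn.Close()
	}
	return resumed, nil
}

func main() {
	cert, pool, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	for _, off := range []bool{false, true} {
		r, err := SecondConnectionResumes(serverConfig(cert, off), pool)
		if err != nil {
			panic(err)
		}
		fmt.Printf("SessionTicketsDisabled=%v: second connection resumed=%v\n", off, r)
	}
}
```

With the default configuration the second connection reports resumed=true; with SessionTicketsDisabled it reports resumed=false, which is the state an XMPP server should be in under this advisory. For OpenSSL-based servers the equivalent is to set SSL_OP_NO_TICKET and to put the session cache in SSL_SESS_CACHE_OFF mode, so that neither ticket-based nor session-ID-based resumption is offered; a live server can be checked the same way with openssl s_client using -starttls xmpp together with -reconnect, where each reconnect should report a new rather than a reused session.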