[koheripbal]

...then again, I imagine the security of me streaming Resident Alien on my Roku isn't really a big concern for me.

hmm... unless my Amazon credential handshake is in that?

[rakoo]

It's not an issue, until someone finds a way to mitm the request, send a special payload to your Roku that is then opened by an unpatched ffmpeg (https://www.linuxcompatible.org/story/asa2020074-ffmpeg-arbi...) that allows an RCE and turn your Resident Alien into a Resident Zombie.

[elithrar]

Your credentials might go to a different endpoint, but the device is still limited in its TLS support as a client.

The attacks aren’t entirely practical, and the threat model for “someone cares enough to MitM my streaming connection” isn’t a common one, but it’s much closer to practical compared to attacks on TLS 1.2 & 1.3.

[Sohcahtoa82]

Possibly.

But it's not like the attacks on TLS 1.0 and 1.1 are trivial. To successfully break a single encrypted connection requires massive server farms.

The people actually attempting to maliciously break TLS handshakes are working on much bigger targets.