SSL_select_next_proto` buffer overread celebrating a decade of publishing your heap over the internet

ok, if that article tagline does not grab your attention, youre dead inside.

tl;dr

• current exploit unlikely, but historical exploits possible.
• roll aging secrets and be cautious about the integrity of older session data.