The Triple Handshake Issue was disclosed lately. As far as I understand it, it highly depends on renegotiation and resumption.
So the simple question is: Would disabling resumption and/or renegotiation mitigate this problem?
In more detail:
Renegotiation seems to be quite secure, and there is only one problem, about new certificates being presented. The authors highly recommend checking the newly presented certificate carefully. So fixing this would allow keeping renegotiation.
Resumption seems to be quite insecure. So until a long term fix is deployed, it seems to be better to disable it completely. Is this correct?
I am aware that disabling resumption will have a performance impact. For my current scenarios this is not relevant (long-lived TLS sessions). If someone still wants to elaborate on details, don't hesitate.
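The long-term fix the question alludes to is the extended master secret extension (RFC 7627), which binds the master secret to a hash of the full handshake transcript instead of only the premaster secret and the two randoms. The following added example (not part of the question or of any project) implements the TLS 1.2 PRF and derives the master secret both ways, using constructed premaster secret, randoms and transcripts, to show why the legacy derivation lets two connections with synchronised inputs end up with the same master secret while the extended derivation does not.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pms: bytes, client_random: bytes, server_random: bytes,
                  transcript: bytes, extended: bool) -> bytes:
    """Derive the 48-byte master secret.

    extended=False: RFC 5246 derivation, seeded only by the two randoms,
    so the handshake transcript (certificates included) plays no role.
    extended=True: RFC 7627 derivation, seeded by the session hash, i.e. the
    hash of all handshake messages up to and including ClientKeyExchange.
    """
    if not extended:
        return prf(pms, b"master secret", client_random + server_random, 48)
    session_hash = hashlib.sha256(transcript).digest()
    return prf(pms, b"extended master secret", session_hash, 48)


# Constructed inputs: the same premaster secret and randoms on both legs of a
# relayed handshake, while the transcripts differ (different server certificate).
PMS = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
TRANSCRIPT_A = b"ClientHello|ServerHello|Certificate=server-A|ClientKeyExchange"
TRANSCRIPT_B = b"ClientHello|ServerHello|Certificate=server-B|ClientKeyExchange"


def compare_derivations() -> dict:
    """Return whether the two legs share a master secret under each derivation."""
    result = {}
    for name, ext in (("legacy", False), ("extended", True)):
        ms_a = master_secret(PMS, CLIENT_RANDOM, SERVER_RANDOM, TRANSCRIPT_A, ext)
        ms_b = master_secret(PMS, CLIENT_RANDOM, SERVER_RANDOM, TRANSCRIPT_B, ext)
        result[name] = ms_a == ms_b
    return result
```

With the legacy derivation the two legs agree on one master secret despite the differing certificates, which is the property the Triple Handshake attack builds on; with the extended master secret they diverge, so resumption and renegotiation can stay enabled once both sides support the extension.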