alt Hacker NewsDiffe-Hellman-Merkel key exchange is vulnerable to attacker-in-the-middle attacks.
Eave could just do key negotiation with Alice and separately do key negotiation with Bob. You have to use a slightly more complicated cryptographic protocol to avoid this issue.
The only way to avoid this issue is if Alice and Bob can talk out-of-band. There's no protocol that fixes this.