[security-dev 00055]: State of TLS 1.1 implementation
Christian Uebber
briefkasten at uebber.de
Tue Jan 29 00:48:16 UTC 2008
The SunJSSE of CBC mode is insecure against chosen plaintext attacks
(as all TLS 1.0 implementations). What's the state of TLS 1.1 support
for (Open)JDK 7?
TLS 1.1 adds explicit IVs, which is a viable fix for the vulnerability
and also removes inter-record dependency. The latter is needed by DTLS
for loss insensitive messaging.
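The two properties mentioned in the message above, as an added example that is not part of the original post and is not SunJSSE code: with the TLS 1.0 style chained IV, each record's IV is the last ciphertext block of the previous record, while a TLS 1.1 style record carries its own random IV. Assumptions: AES-128 via the standard `javax.crypto` API, no MAC or padding, block-aligned constructed plaintexts, and hypothetical names (`ExplicitIvDemo`, `sealExplicit`, `openExplicit`).

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class ExplicitIvDemo {
    static final int BS = 16; // AES block size in bytes
    static final SecureRandom RNG = new SecureRandom();

    static byte[] cbc(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    static byte[] lastBlock(byte[] ct) {
        return Arrays.copyOfRange(ct, ct.length - BS, ct.length);
    }

    // TLS 1.1 style: a fresh random IV travels in front of each record.
    static byte[] sealExplicit(byte[] key, byte[] pt) throws Exception {
        byte[] iv = new byte[BS];
        RNG.nextBytes(iv);
        byte[] ct = cbc(Cipher.ENCRYPT_MODE, key, iv, pt);
        byte[] rec = Arrays.copyOf(iv, BS + ct.length);
        System.arraycopy(ct, 0, rec, BS, ct.length);
        return rec;
    }

    static byte[] openExplicit(byte[] key, byte[] rec) throws Exception {
        return cbc(Cipher.DECRYPT_MODE, key, Arrays.copyOf(rec, BS),
                   Arrays.copyOfRange(rec, BS, rec.length));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], iv0 = new byte[BS];
        RNG.nextBytes(key); RNG.nextBytes(iv0);
        byte[] r1 = "constructed rec1".getBytes("US-ASCII"); // constructed, 16 bytes
        byte[] r2 = "constructed rec2".getBytes("US-ASCII"); // constructed, 16 bytes
        // TLS 1.0 style: record 2's IV is lastBlock(c1), already visible on the wire.
        byte[] c1 = cbc(Cipher.ENCRYPT_MODE, key, iv0, r1);
        byte[] c2 = cbc(Cipher.ENCRYPT_MODE, key, lastBlock(c1), r2);
        // A receiver that never saw c1 (still holding iv0) cannot recover record 2.
        byte[] lost = cbc(Cipher.DECRYPT_MODE, key, iv0, c2);
        System.out.println("chained IV, record 1 lost, record 2 ok? " + Arrays.equals(lost, r2));
        // TLS 1.1 style: record 2 decrypts without any state from record 1.
        byte[] e2 = sealExplicit(key, r2);
        System.out.println("explicit IV, record 1 lost, record 2 ok? "
                + Arrays.equals(openExplicit(key, e2), r2));
    }
}
```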