TLS1.3 record padding

Xuelei Fan xuelei.f at gmail.com
Fri Nov 4 15:58:03 UTC 2022 

The padding may be also necessary to prevent from a kind of attacks, besides hiding the length.  But I cannot recall the details.

Removing padding may be not the direction.  Instead, a padding length customizable solution may be more flexible.  Here is an enhancement request in JBS (https://bugs.openjdk.org/browse/JDK-8244983 <https://bugs.openjdk.org/browse/JDK-8244983>), please feel free to take it.    

Xuelei

> On Nov 4, 2022, at 4:21 AM, Daniel Jeliński <djelinski1 at gmail.com> wrote:
> 
> Hello,
> I noticed that we're padding every TLS 1.3 record with exactly 16 zeros [1]. I'd like to remove that padding to conserve network bandwidth and processing power. Thoughts?
> 
> Some background:
> - TLS 1.3 RFC [2] defines padding as a means to hide the size of the traffic. Constant-length padding does not hide it, obviously. The RFC does not define any padding policies ("Selecting a padding policy that suggests when and how much to pad is a complex topic and is beyond the scope of this specification.")
> - OpenSSL [3] defines 2 methods to select the length of the padding block: the user may provide a callback that selects adequate padding length, or provide block length, and then every record is padded to a multiple of block length. By default OpenSSL does not pad records.
> - I'm not aware of any discussions around record padding on this list, which suggests that there's no demand for more complex padding schemes.
> 
> Regards,
> Daniel
> 
> [1] https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L302 <https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L302>
> [2] https://www.rfc-editor.org/rfc/rfc8446.html#section-5.4 <https://www.rfc-editor.org/rfc/rfc8446.html#section-5.4>
> [3] https://www.openssl.org/docs/man1.1.1/man3/SSL_set_record_padding_callback.html <https://www.openssl.org/docs/man1.1.1/man3/SSL_set_record_padding_callback.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20221104/cd7eae6f/attachment.htm>

More information about the security-dev mailing list