TLS1.3 record padding
Daniel Jeliński
djelinski1 at gmail.com
Mon Nov 7 14:21:24 UTC 2022
Thanks Xuelei and Brad for your replies!
https://bugs.openjdk.org/browse/JDK-8244983 mentions that random padding
could be used to mitigate BREACH attack. I googled for "breach random
padding", found 3 similar requests [1] [2] [3] for enhancements, none of
them was implemented. Also https://www.breachattack.com/ does not list TLS
record padding as a means to mitigate the attack, presumably because even
with random padding the response length will be eventually revealed if the
request can be repeated.
What kind of padding length customization would you like to see in the JDK?
Daniel
[1] https://www.drupal.org/project/seckit/issues/2737783
[2] https://bz.apache.org/bugzilla/show_bug.cgi?id=64434
[3] https://trac.nginx.org/nginx/ticket/1977
sob., 5 lis 2022 o 04:01 Bradford Wetmore <bradford.wetmore at oracle.com>
napisał(a):
>
>
> On 11/4/2022 8:58 AM, Xuelei Fan wrote:
> > The padding may be also necessary to prevent from a kind of attacks,
> > besides hiding the length. But I cannot recall the details.
>
> I have a vague recollection of that, but I was thinking it was something
> pre-1.3. But I'm not seeing any special padding in the pre-TLSv1.3
> changeset:
>
> c7c819cd8bba9f204f23b24a0d788fda61823eb3
>
> so I may be off in my recollections.
>
> > Here is an enhancement
> > request in JBS (https://bugs.openjdk.org/browse/JDK-8244983
> > <https://bugs.openjdk.org/browse/JDK-8244983>), please feel free to
> take
> > it.
>
> Ah yes.
>
> Brad
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20221107/f5beb0b3/attachment.htm>
More information about the security-dev
mailing list