TLS1.3 record padding
Daniel Jeliński
djelinski1 at gmail.com
Fri Nov 4 11:21:29 UTC 2022
Hello,
I noticed that we're padding every TLS 1.3 record with exactly 16 zeros
[1]. I'd like to remove that padding to conserve network bandwidth and
processing power. Thoughts?
Some background:
- TLS 1.3 RFC [2] defines padding as a means to hide the size of the
traffic. Constant-length padding does not hide it, obviously. The RFC does
not define any padding policies ("Selecting a padding policy that suggests
when and how much to pad is a complex topic and is beyond the scope of this
specification.")
- OpenSSL [3] defines 2 methods to select the length of the padding block:
the user may provide a callback that selects adequate padding length, or
provide block length, and then every record is padded to a multiple of
block length. By default OpenSSL does not pad records.
- I'm not aware of any discussions around record padding on this list,
which suggests that there's no demand for more complex padding schemes.
Regards,
Daniel
[1]
https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L302
[2] https://www.rfc-editor.org/rfc/rfc8446.html#section-5.4
[3]
https://www.openssl.org/docs/man1.1.1/man3/SSL_set_record_padding_callback.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20221104/f042c55f/attachment.htm>
More information about the security-dev
mailing list