TLS1.3 record padding

Xuelei Fan xuelei.f at gmail.com
Mon Nov 7 16:22:09 UTC 2022


> What kind of padding length customization would you like to see in the JDK?


I may be hesitant to add a new API.  A default random padding could be used instead, and might be controlled with a system property (e.g., “jdk.tls.client/server.maxRecordPadding” or “jdk.tls.client/server.recordPaddingRange”).  If random padding is enabled, the padding adding/removing should be constant-time.

Xuelei 


> On Nov 7, 2022, at 6:21 AM, Daniel Jeliński <djelinski1 at gmail.com> wrote:
> 
> Thanks Xuelei and Brad for your replies!
> 
> https://bugs.openjdk.org/browse/JDK-8244983 mentions that random padding could be used to mitigate BREACH attack. I googled for "breach random padding", found 3 similar requests [1] [2] [3] for enhancements, none of them was implemented. Also https://www.breachattack.com/ does not list TLS record padding as a means to mitigate the attack, presumably because even with random padding the response length will be eventually revealed if the request can be repeated.
> 
> What kind of padding length customization would you like to see in the JDK?
> 
> Daniel
> 
> [1] https://www.drupal.org/project/seckit/issues/2737783
> [2] https://bz.apache.org/bugzilla/show_bug.cgi?id=64434
> [3] https://trac.nginx.org/nginx/ticket/1977
> 
> 
> On Sat, Nov 5, 2022 at 04:01, Bradford Wetmore <bradford.wetmore at oracle.com> wrote:
> 
> 
> On 11/4/2022 8:58 AM, Xuelei Fan wrote:
> > The padding may also be necessary to prevent a kind of attack, 
> > besides hiding the length.  But I cannot recall the details.
> 
> I have a vague recollection of that, but I was thinking it was something 
> pre-1.3.  But I'm not seeing any special padding in the pre-TLSv1.3 
> changeset:
> 
> c7c819cd8bba9f204f23b24a0d788fda61823eb3
> 
> so I may be off in my recollections.
> 
> >  Here is an enhancement 
> > request in JBS (https://bugs.openjdk.org/browse/JDK-8244983), please feel free to take 
> > it.
> 
> Ah yes.
> 
> Brad
> 
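
The record layout this thread is about, as an added example that is not part of the original messages and is not JDK code: TLS 1.3 (RFC 8446, section 5.4) appends padding as zero bytes after the content type byte, and the receiver locates the type as the last non-zero byte. The `maxPadding` parameter stands in for a configured bound such as the properties proposed above; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration only; names are hypothetical and this is not JDK code.
public class RecordPaddingSketch {
    // RFC 8446: the encoded TLSInnerPlaintext must not exceed 2^14 + 1 octets.
    static final int MAX_INNER = (1 << 14) + 1;
    static final SecureRandom RNG = new SecureRandom();

    // Build content || type || zeros, with a random pad length in [0, maxPadding],
    // clamped so the record size limit is never exceeded.
    static byte[] pad(byte[] content, byte type, int maxPadding) {
        if (type == 0 || maxPadding < 0) {
            throw new IllegalArgumentException("type must be non-zero, maxPadding >= 0");
        }
        int room = MAX_INNER - content.length - 1;
        if (room < 0) {
            throw new IllegalArgumentException("content too long for one record");
        }
        int padLen = RNG.nextInt(Math.min(maxPadding, room) + 1);
        // Arrays.copyOf zero-fills the tail, which is exactly the padding.
        byte[] inner = Arrays.copyOf(content, content.length + 1 + padLen);
        inner[content.length] = type;
        return inner;
    }

    // Index of the content type byte (last non-zero octet), or -1 if all zero
    // (a receiver treats that case as an error). The loop visits every byte and
    // uses masks instead of an early exit, so the work done in the source does
    // not depend on where the padding starts.
    static int typeIndex(byte[] inner) {
        int idx = -1;
        int found = 0; // all ones once a non-zero byte has been seen
        for (int i = inner.length - 1; i >= 0; i--) {
            int b = inner[i] & 0xff;
            int nonZero = -((b | -b) >>> 31); // 0 if b == 0, else all ones
            int take = nonZero & ~found;      // all ones only at the first hit
            idx = (idx & ~take) | (i & take);
            found |= nonZero;
        }
        return idx;
    }

    public static void main(String[] args) {
        byte[] content = "constructed sample".getBytes(StandardCharsets.US_ASCII);
        byte[] inner = pad(content, (byte) 23, 64); // 23 = application_data
        int t = typeIndex(inner);
        System.out.println("inner=" + inner.length + " type=" + inner[t] + " content=" + t);
    }
}
```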
