[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

alleged attack on TLS

From: Nikos Mavrogiannopoulos
Subject: alleged attack on TLS
Date: Wed, 21 Sep 2011 10:19:40 +0200

There is hype on an alleged attack on the TLS protocol. The authors of
the alleged attack took an irresponsible stance by talking to media
about an alleged attack without providing any details. I'm not
providing any links to them because I don't want to encourage this
behavior by providing more publicity. From information gathered here
and there it seems the attack is a variation or an implementation of
the Bard attack [0]. If you are using GnuTLS and want to prevent such
attacks you can do the following:
* Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables
them by default, but because of compatibility issues with broken peers
they are often disabled)

This will ensure that if the peer supports those protocols the attack
will not be applicable. If the peer does not support them you'll be
vulnerable to Bard-type of attacks. If this is a problem for you then:
* Disable SSL 3.0 and TLS 1.0

Datagram TLS 1.0 is not vulnerable to this attack.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]