help-gnutls

alleged attack on TLS


From: Nikos Mavrogiannopoulos
Subject: alleged attack on TLS
Date: Wed, 21 Sep 2011 10:25:28 +0200

There is hype on an alleged attack on the TLS protocol. The authors of
the alleged attack took an irresponsible stance by talking to media
about an alleged attack without providing any details. I'm not
providing any links to them because I don't want to encourage this
behavior by providing more publicity. From information gathered here
and there it seems the attack is a variation or an implementation of
the Bard attack [0]. If you are using GnuTLS and want to prevent such
attacks you can do the following:
* Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables
them by default, but because of compatibility issues with broken peers
they are often disabled)

This will ensure that if the peer supports those protocols the attack
will not be applicable. If the peer does not support them you'll be
vulnerable to Bard-type attacks. If this is a problem for you then:
* Disable SSL 3.0 and TLS 1.0

Datagram TLS 1.0 is not vulnerable to this attack.

regards,
Nikos

[0] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf
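
As an added example (not part of the original message or of GnuTLS itself), the sketch below audits GnuTLS priority strings against the two recommendations in the message. It models only the explicit `VERS-` tokens for SSL 3.0 through TLS 1.2 and assumes that any base keyword other than `NONE` enables all four; `enabled_versions`, `assess` and the sample strings are constructed for illustration.

```python
# Added example: simplified model of GnuTLS priority strings (VERS- tokens only).
FIXED = {"TLS1.1", "TLS1.2"}    # versions where the Bard-type attack does not apply
LEGACY = {"SSL3.0", "TLS1.0"}   # versions the message suggests disabling
KNOWN = FIXED | LEGACY

def enabled_versions(priority):
    """Return the protocol versions a priority string leaves enabled."""
    tokens = priority.strip().split(":")
    # Assumption: any base keyword except NONE enables all four versions.
    versions = set() if tokens[0] == "NONE" else set(KNOWN)
    for tok in tokens[1:]:
        op, rest = tok[:1], tok[1:]
        if op not in ("+", "-", "!") or not rest.startswith("VERS-"):
            continue                      # ciphers, MACs, key exchange: not modelled
        name = rest[len("VERS-"):]
        if name not in KNOWN:
            continue                      # e.g. DTLS or catch-all tokens: not modelled
        if op == "+":
            versions.add(name)
        else:                             # '-' and '!' both remove
            versions.discard(name)
    return versions

def assess(priority):
    """Classify a priority string against the two recommendations."""
    versions = enabled_versions(priority)
    if not versions:
        return "no-versions"
    if not versions & FIXED:
        return "exposed"          # TLS 1.1/1.2 disabled: only SSL 3.0/TLS 1.0 left
    if versions & LEGACY:
        return "peer-dependent"   # protected only when the peer also speaks TLS 1.1+
    return "strict"               # SSL 3.0 and TLS 1.0 disabled

# Constructed sample settings, e.g. as collected from application configs.
SAMPLES = [
    "NORMAL",
    "NORMAL:-VERS-TLS1.1:-VERS-TLS1.2",
    "NORMAL:-VERS-SSL3.0:-VERS-TLS1.0",
    "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{assess(s):15} {s}")
```

A result of `exposed` marks a setting where TLS 1.1 and TLS 1.2 were switched off, the compatibility workaround the message warns about.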


