manpagez: man pages & more
info gnutls
Home | html | info | man
[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

3.3.3 Weaknesses and Countermeasures

Some weaknesses that may affect the security of the Record layer have been found in TLS 1.0 protocol. These weaknesses can be exploited by active attackers, and exploit the facts that

  1. TLS has separate alerts for “decryption_failed” and “bad_record_mac”
  2. The decryption failure reason can be detected by timing the response time.
  3. The IV for CBC encrypted packets is the last block of the previous encrypted packet.

Those weaknesses were solved in TLS 1.1 [RFC4346] (see section Bibliography) which is implemented in GnuTLS. For a detailed discussion see the archives of the TLS Working Group mailing list and the paper [CBCATT] (see section Bibliography).


© manpagez.com 2000-2024
Individual documents may contain additional copyright information.