There is hype on an alleged attack on the TLS protocol. The authors of the alleged attack took an irresponsible stance by talking to media about an alleged attack without providing any details. I'm not providing any links to them because I don't want to encourage this behavior by providing more publicity. From information gathered here and there it seems the attack is a variation or an implementation of the Bard attack [0]. If you are using GnuTLS and want to prevent such attacks you can do the following: * Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables them by default, but because of compatibility issues with broken peers they are often disabled)
This will ensure that if the peer supports those protocols the attack will not be applicable. If the peer does not support them you'll be vulnerable to Bard-type of attacks. If this is a problem for you then: * Disable SSL 3.0 and TLS 1.0 Datagram TLS 1.0 is not vulnerable to this attack. regards, Nikos [0]. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
