Downgrade attack on TLS 1.3 and vulnerabilities in major TLS libraries:

– the attack leverages a side-channel leak via cache access timings (in OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS)
– it affects all TLS versions, including TLS 1.3
– one requirement for the attack is RSA key exchange
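Since the post says the attack needs RSA key exchange, the obvious server-side check is whether any enabled cipher suite still uses static RSA key exchange (no forward secrecy). The following is an added example, not code from the thread or from any of the libraries it names; it assumes Python's OpenSSL-backed `ssl` module, where `SSLContext.get_ciphers()` reports the key-exchange algorithm under the `kea` key as `kx-rsa` and the `!kRSA` cipher-string keyword removes RSA key exchange.

```python
import ssl

# OpenSSL labels for static RSA key exchange as reported by get_ciphers()
# (the long name "kx-rsa") and as it appears in the human-readable
# description ("Kx=RSA"). Both are checked in case a build differs.
RSA_KEA_LONG_NAME = "kx-rsa"
RSA_KEA_DESCRIPTION = "Kx=RSA"


def is_rsa_key_exchange(cipher):
    """True if a get_ciphers() entry uses RSA key exchange (no forward secrecy)."""
    if cipher.get("kea") == RSA_KEA_LONG_NAME:
        return True
    return RSA_KEA_DESCRIPTION in (cipher.get("description") or "")


def rsa_kx_suites(ctx):
    """Names of enabled suites in ctx that rely on RSA key exchange."""
    return sorted(c["name"] for c in ctx.get_ciphers() if is_rsa_key_exchange(c))


def permissive_context():
    """A deliberately broad server config: everything except anonymous/null suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL:!aNULL:!eNULL")
    return ctx


def hardened_context():
    """Server config that only offers (EC)DHE suites; '!kRSA' drops RSA key exchange.

    TLS 1.3 suites are unaffected by set_ciphers() and always use (EC)DHE.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!kRSA")
    return ctx


if __name__ == "__main__":
    print("RSA key-exchange suites in permissive config:")
    for name in rsa_kx_suites(permissive_context()):
        print("  ", name)
    print("RSA key-exchange suites in hardened config:", rsa_kx_suites(hardened_context()))
```

Run against a real deployment by replacing `permissive_context()` with the context your server actually builds; an empty list from `rsa_kx_suites()` means the precondition the post mentions is not met, whatever the underlying library's timing behaviour.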

@infosechandbook Ugh. I did not know about the USENIX 2018 IPSEC/IKE paper referenced as previous work:

This looks pretty bad for IKE:
"IKEv1 PSK in aggressive mode can be broken by a passive adversary, and both IKEv1 PSK in main mode and IKEv2 PSK can be broken by an active adversary who acts as a responder."
"[..] we could successfully attack all public key-based variants of IKEv1 and IKEv2 with success probabilities between 7% and 26% in a single attempt."
