DTLS padding oracle still an issue?

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri May 15 01:36:11 PDT 2015


On Fri, May 15, 2015 at 1:05 AM, Christian Fahr
<christian.fahr at stud.tu-darmstadt.de> wrote:
> Hi all,
> regarding this
> http://nmav.gnutls.org/2013/11/inside-ssl-vpn-protocol.html blogpost by
> Nikos Mavrogiannopoulos in 2013 and Ciscos implementation of pre-DTLS
> 1.0 in the AnyConnect SSL VPN protocol.
> Is this padding attack still an issue or has this been fixed in the
> meantime? If so, how likely is this to be exploitable?

If you use openconnect client and server there is no such issue,
because it will negotiate AES-GCM. However, even with AES-CBC there
are work arounds in gnutls and openssl which make the padding oracle
impractical.

regards,
Nikos



More information about the openconnect-devel mailing list