22 Attacks on TLS Implementations

In the previous chapter, we discussed attacks on the TLS Record protocol. Among other things, we learned how timing side channels can be used to create padding oracles, how predictable initialization vectors can be exploited to attack the CBC mode of operation, and how lossless data compression can compromise the security of an encryption scheme even if the scheme itself is cryptographically secure.

In this chapter, we will take a detailed look at attacks exploiting bugs in TLS software implementations. Among other things, we will cover the following topics:

Security vulnerabilities resulting from implementing complex specifications
Security implications of Alice and Bob having a different view of the cryptographic ...

Get TLS Cryptography In-Depth now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

TLS Cryptography In-Depth by Dr. Paul Duplys, Dr. Roland Schmitz

22

Attacks on TLS Implementations

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly