Showing posts from November, 2011

A proposal to counter the BEAST attack

I posted the proposal to counter the BEAST attack in Bug 665814 at Bugzilla@Mozilla. For quick reference, I copy it here in the blog:

Xuelei Fan, 2011-07-20 20:35:42 PDT, Comment 59:
One significant drawback of the current proposed countermeasure (sending empty application data packets) is that the empty packet might be rejected by the TLS peer (see comments #30/#50/others: MSIE does not accept empty fragments, Oracle application server (non-JSSE) cannot accept empty fragments, etc.).

We've been looking at a slightly different countermeasure that should comply with the TLSv1.0/SSLv3.0 specifications, and likely won't break implementations. Would you please review the following proposal? If this is sound, this might avoid the empty packet issue, and the switches necessary to configure it.

Looking at the spec of TLS, the block-ciphered structure is defined as: block-ciphered struct { opaque content[TLSCompressed.length]; opaque M…
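As an added illustration (not code from the bug comment or from this blog), the following Python models the sending side of a TLS 1.0 CBC record layer and the empty-fragment countermeasure the comment refers to, so one can see what an empty application-data record is on the wire and why it changes the IV of the record that follows. The block cipher is a keyed stand-in and the MAC input is simplified to sequence number plus content; both are assumptions.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes; CBC residue chaining works per block

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Keyed stand-in for the real block cipher (assumption); only encryption
    # is needed to show how one record's last block becomes the next IV.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)

def block_ciphered(mac_key: bytes, seq: int, content: bytes) -> bytes:
    # TLS 1.0 block-ciphered structure: content || MAC || padding || padding_length.
    # The MAC input is simplified to seq_num || content (assumption).
    mac = hmac.new(mac_key, seq.to_bytes(8, "big") + content, hashlib.sha1).digest()
    body = content + mac
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)

class Tls10Writer:
    """Sending side: after the first record, the IV is the previous record's
    last ciphertext block, which is already visible on the wire."""
    def __init__(self, enc_key: bytes, mac_key: bytes, iv: bytes):
        self.enc_key, self.mac_key, self.iv, self.seq = enc_key, mac_key, iv, 0

    def send(self, content: bytes) -> bytes:
        plain = block_ciphered(self.mac_key, self.seq, content)
        record = cbc_encrypt(self.enc_key, self.iv, plain)
        self.seq += 1
        self.iv = record[-BLOCK:]  # chained IV for the next record
        return record

def send_with_empty_fragment(w: Tls10Writer, content: bytes):
    # The empty application-data record (MAC + padding only) goes out first, so
    # the IV protecting `content` is the last block of a record not seen before.
    empty = w.send(b"")
    return empty, w.send(content)
```

An empty record under this layout is 32 bytes (20-byte MAC plus 12 bytes of padding), which is exactly the fragment some peers in the comment reject.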