- Enhancement
- Resolution: Unresolved
- P4
- None
- 15
- x86_64
- linux
ADDITIONAL SYSTEM INFORMATION :
This request applies to all operating systems / platforms.
A DESCRIPTION OF THE PROBLEM :
The TLS specification (RFC 8446) section 5.4 defines optional Record Padding: https://tools.ietf.org/html/rfc8446#section-5.4
As a security improvement, I suggest that Java implement random record padding for all TLS 1.3 connections, client and server.
On the client side, there are no known (at least, not known to me) vulnerabilities that random record padding would mitigate. However, it can't hurt... and maybe there's a future vulnerability that will be a non-issue if random record padding is implemented now.
On the server side, random record padding mitigates BREACH and similar vulnerabilities.
In OpenSSL, this is done using SSL_CTX_set_record_padding_callback: https://www.openssl.org/docs/man1.1.1/man3/SSL_set_block_padding.html
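The record layout that RFC 8446 section 5.4 padding produces, with a randomly chosen padding length, shown as an added example (not code from this report, from JSSE or from OpenSSL). The function names and the 255-byte padding cap used in `main` are assumptions made for illustration.

```c
/* Added example: TLS 1.3 record padding, RFC 8446 section 5.4.
 * TLSInnerPlaintext = content || ContentType (1 byte) || zero padding. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_INNER (16384 + 1) /* 2^14 content bytes + 1 type byte */

/* Hypothetical policy: 0..max_pad padding bytes derived from a CSPRNG value,
 * clamped so the padded inner plaintext never exceeds MAX_INNER. */
size_t choose_padding(size_t content_len, uint32_t rnd, size_t max_pad) {
    if (content_len > 16384) return 0;
    size_t room = MAX_INNER - (content_len + 1);
    size_t pad = rnd % (max_pad + 1);
    return pad > room ? room : pad;
}

/* Sender: build the inner plaintext. Returns its length, or 0 on error. */
size_t pad_record(const uint8_t *content, size_t len, uint8_t type,
                  size_t pad, uint8_t *out, size_t out_cap) {
    size_t total = len + 1 + pad;
    if (type == 0 || len > 16384 || total > MAX_INNER || total > out_cap) return 0;
    memcpy(out, content, len);
    out[len] = type;               /* real content type sits after the content */
    memset(out + len + 1, 0, pad); /* padding is all zero octets */
    return total;
}

/* Receiver: scan back from the end for the first non-zero octet, which is the
 * content type. All zeros is an error. Returns content length, or -1. */
long unpad_record(const uint8_t *inner, size_t inner_len, uint8_t *type) {
    size_t i = inner_len;
    while (i > 0 && inner[i - 1] == 0) i--;
    if (i == 0) return -1;
    *type = inner[i - 1];
    return (long)(i - 1);
}

int main(void) {
    const uint8_t msg[] = "constructed response body"; /* constructed sample */
    uint8_t inner[MAX_INNER], type = 0;
    uint32_t rnd = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&rnd, sizeof rnd, 1, f) != 1) return 1;
    fclose(f);
    size_t pad = choose_padding(sizeof msg - 1, rnd, 255);
    size_t n = pad_record(msg, sizeof msg - 1, 23, pad, inner, sizeof inner);
    long got = unpad_record(inner, n, &type);
    printf("content=%ld pad=%zu inner=%zu type=%u\n", got, pad, n, type);
    return got == (long)(sizeof msg - 1) ? 0 : 1;
}
```

Because the padding sits inside the encrypted inner plaintext, an observer sees only the padded record length, which changes from run to run for the same content.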