Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Maintained by Hanno Böck.

New research shows that cryptographic code often is still vulnerable to side-channel attacks.

An attack called PortSmash shows how to exploit side channels in the hyperthreading functionality of modern CPUs. A proof of concept attack against OpenSSL has been published on GitHub, and a research paper also is available.

The core idea of this attack was published by Colin Percival thirteen years ago. The reason the OpenSSL code is vulnerable is that it has branches based on secrets. OpenSSL has released a security advisory.

Furthermore, a different, unrelated side-channel attack affecting the DSA and ECDSA code in OpenSSL also has been fixed. No details have been published on that attack. OpenSSL has released versions 1.0.2q, 1.1.0j, and 1.1.1a with fixes.

Short news

• A cross-site scripting vulnerability was found in the TLS error messages of the Squid proxy software.
• Three research papers have attacked the security of the OCB2 authenticated encryption mode. The attacks don’t affect the other OCB versions, OCB1 and OCB3. OCB was never used in TLS, but a draft exists, though it relies on the unaffected OCB3.
• Sennheiser has shipped a TLS root certificate with its headset software, a vulnerability similar to the Superfish incident.
• A research paper investigates changes in TLS clients and servers between 2012 and today. A blog post at APNIC summarizes the results.
• Michael Driscoll created a web page explaining the TLS 1.3 handshake in detail.
• ETSI has standardized Enterprise TLS (eTLS), a variant of TLS 1.3 that allows passive interception with knowledge of a static Diffie-Hellman key. Similar proposals have been made in the IETF in the past but were always rejected due to concerns that they would compromise the security of TLS or allow for abuse of mass surveillance.
• WISeKey and DigiCert have announced DigiCert’s intention to acquire WISeKey’s certificate business, which operates under the name QuoVadis.
• ZDNet reports that Scott Arcizewski from Paragon Initiative has discovered many cases of PHP code in content management system plugins that use cURL without certificate validation.
• Physicist Mikhail Dyakonov argues in IEEE Spectrum that quantum computers are unlikely ever to become practical. A large quantum computer would be able to break today’s public key cryptosystems, which lately has fueled research for post-quantum cryptography—but it’s unclear if quantum computers capable of breaking crypto will ever become practical.
• A side-channel attack called Return of the Hidden Number Problem or RHNP has been published in a research paper. The attack was announced in June in a blog post from NCC Group; fixes have been available for most affected libraries for a while.
• The next version of HTTP most likely will be called HTTP/3, and the encrypted transport will be based on the QUIC protocol. Daniel Stenberg explains the details in a blog post.