/tls-what-can-go-wrong

TLS - what can go wrong?

The UnlicenseUnlicense

TLS - what can go wrong?

RSA Key generation

RSA encryption handshake

RSA signature handshake

ECDSA / DSA handshake

  • Duplicate r (not found in the wild yet)

Static DH/ECDH handshake

Diffie Hellman

ECDHE

Finished message

CBC/HMAC

GCM

Small block size

RC4

Compression

  • CRIME (TLS compression)
  • BREACH (HTTP compression)
  • TIME, HEIST (TCP window trick, Javascript, timing + HTTP compression)

State machine errors

HTTP/HTTPS related

Parsing issues

Others