[gnutls-devel] GnuTLS | lucky13-type of attack for SHA384 and SHA256 (#456)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Oct 1 19:54:13 CEST 2018

The solution applied in gnutls 3.3.30 is a mitigation against the attack published by the authors. As such these CVEs are addressed. What the authors claim is that these mitigations may not be sufficient for a future attack. So backporting these mitigations (or preferably by updating to 3.3.30) is sufficient to address that vulnerability.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/456#note_105621260
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181001/9c642814/attachment.html>

More information about the Gnutls-devel mailing list