[gnutls-devel] GnuTLS | multiple issues in handling KeyUpdate messages (#699)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon May 20 14:58:04 CEST 2019

> mainly because there was a similar situation under tls1.2 where alert messages could be sent by the client continuously and cause a DoS on the server. 

how is that different from a client that sends AppData records that are all padding?

with tls1.2 the problem was that the attack was asymmetric – the alerts were not encrypted, and caused a lot of CPU use on server – here, the attacker and server have to perform the exact same operations, otherwise server will reject the key update as malformed

note that the server doesn't have to answer 1-to-1 to every KeyUpdate request, it's valid to answer with just one KeyUpdate to those 20 KeyUpdates from the client, and it is ok to send that KeyUpdate only when, and right before, the AppData from server is sent (the test case would need to be updated to detect that though, IIRC)

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/699#note_172246195
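
The coalesced reply described in the message above, as an added example that is not part of the original email or of GnuTLS: a server-side model that advances its read secret on every received KeyUpdate but sends a single KeyUpdate of its own right before its next AppData. The `Server` class, `simulate` function and starting secrets are hypothetical and constructed; the key derivation follows RFC 8446 sections 4.6.3 and 7.1, assuming a SHA-256 cipher suite.

```python
import hashlib
import hmac

HASH_LEN = 32  # assumption: a SHA-256 cipher suite

def hkdf_expand_label(secret, label, context, length):
    # HKDF-Expand-Label (RFC 8446, 7.1); one HMAC block suffices for length <= 32.
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hmac.new(secret, info + b"\x01", hashlib.sha256).digest()[:length]

def next_secret(secret):
    # application_traffic_secret_N+1 (RFC 8446, 4.6.3)
    return hkdf_expand_label(secret, b"traffic upd", b"", HASH_LEN)

class Server:
    """Hypothetical model: tracks traffic secrets only, no record layer."""
    def __init__(self, client_secret, server_secret):
        self.read_secret = client_secret
        self.write_secret = server_secret
        self.reply_pending = False

    def recv_key_update(self, update_requested):
        # The client switches its sending key after each KeyUpdate, so the
        # read secret must advance every time or later records fail to decrypt.
        self.read_secret = next_secret(self.read_secret)
        self.reply_pending = self.reply_pending or update_requested

    def send_app_data(self):
        # Coalesced reply: one KeyUpdate, sent right before the next AppData.
        flight = []
        if self.reply_pending:
            flight.append("KeyUpdate(update_not_requested)")
            self.write_secret = next_secret(self.write_secret)
            self.reply_pending = False
        flight.append("AppData")
        return flight

def simulate(requests=20):
    c0, s0 = b"\x11" * HASH_LEN, b"\x22" * HASH_LEN  # constructed secrets
    server, client_write = Server(c0, s0), c0
    for _ in range(requests):
        client_write = next_secret(client_write)
        server.recv_key_update(update_requested=True)
    first, second = server.send_app_data(), server.send_app_data()
    return {"first": first, "second": second,
            "read_in_sync": server.read_secret == client_write,
            "write_advanced_once": server.write_secret == next_secret(s0)}
```
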