Implement TLS 1.3 random record padding #5398

Closed
candrews opened this issue May 14, 2020 · 5 comments

@candrews

The TLS specification (RFC 8446) section 5.4 defines optional Record Padding.

As a security improvement, I suggest that curl implement random record padding.

Record padding is primarily applicable to servers as a way to mitigate vulnerabilities such as CRIME and BREACH that involve compression and reflection. But, who knows - there may be some future vulnerability that random record padding will address on the client - it couldn't hurt :)

In OpenSSL, this is done using `SSL_CTX_set_record_padding_callback`.

jay added the TLS label May 14, 2020
@jay
Member

jay commented May 14, 2020

> it couldn't hurt :)

I'm not really feeling this one. I'm concerned about the already tenuous situation with middleboxes.

@candrews
Author

Wouldn't middle boxes already be a problem for TLS 1.3 then?

Perhaps a flag/configuration option to optionally enable this would be nice, then down the line if all goes well, it could be enabled by default?

@jay
Member

jay commented May 14, 2020

> Wouldn't middle boxes already be a problem for TLS 1.3 then?

There is middlebox compatibility in OpenSSL (and I assume others).

> Perhaps a flag/configuration option to optionally enable this would be nice, then down the line if all goes well, it could be enabled by default?

I don't see a reason to do it by default. We may end up lessening security and compatibility for no good reason. It might allow for a vulnerability instead of preventing one. I really don't know what will happen. As an option I expect it would be very obscure, this is the first I'm hearing of it. You could use `CURLOPT_SSL_CTX_FUNCTION` if you want it.
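
The route named in the comment above, as an added example that is not part of the thread or of curl's own code: a `CURLOPT_SSL_CTX_FUNCTION` callback that installs an OpenSSL record padding callback. The 255-byte cap, the choice to pad only application-data records, the `WITH_CURL_OPENSSL` build guard, the helper names and the URL are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS13_MAX_PLAINTEXT 16384u /* RFC 8446: content + padding <= 2^14 */

/* Padding for a record of `len` content bytes, chosen from 0..max_pad using
 * the caller-supplied random value `rnd`. Never lets content + padding exceed
 * the TLS 1.3 limit. Modulo bias is ignored in this example. */
size_t random_record_padding(size_t len, uint32_t rnd, size_t max_pad)
{
    if (len >= TLS13_MAX_PLAINTEXT)
        return 0;
    size_t room = TLS13_MAX_PLAINTEXT - len;
    if (max_pad > room)
        max_pad = room;
    return (size_t)(rnd % (max_pad + 1));
}

#ifdef WITH_CURL_OPENSSL /* glue needs libcurl built with the OpenSSL backend */
#include <curl/curl.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>

/* OpenSSL asks this callback how many padding bytes to add to each record. */
static size_t padding_cb(SSL *ssl, int type, size_t len, void *arg)
{
    uint32_t rnd;
    (void)ssl; (void)arg;
    if (type != SSL3_RT_APPLICATION_DATA ||
        RAND_bytes((unsigned char *)&rnd, sizeof(rnd)) != 1)
        return 0; /* other record types, or no randomness: send unpadded */
    return random_record_padding(len, rnd, 255); /* 255: example cap */
}

/* libcurl hands over the SSL_CTX it is about to use for the connection. */
static CURLcode sslctx_cb(CURL *curl, void *ssl_ctx, void *userptr)
{
    (void)curl; (void)userptr;
    SSL_CTX_set_record_padding_callback((SSL_CTX *)ssl_ctx, padding_cb);
    return CURLE_OK;
}

int main(void)
{
    CURL *curl = curl_easy_init();
    if (!curl) return 1;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctx_cb);
    CURLcode rc = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
    return rc == CURLE_OK ? 0 : 1;
}
#endif
```

Build the full program with `cc -DWITH_CURL_OPENSSL pad.c -lcurl -lssl -lcrypto`; without the macro only the padding policy function is compiled. OpenSSL applies record padding to TLS 1.3 connections only.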

@bagder
Member

bagder commented May 18, 2020

Padding is in general a thing people invent when designing protocols and then nobody actually uses when running them since they're a waste of bandwidth. I suspect that's why we've never seen a demand for padding for TLS before.

bagder closed this as completed in 5646e56 May 18, 2020
@Seirdy

Seirdy commented Oct 13, 2022

@bagder True, it does use more bandwidth. However, this doesn't universally disqualify the use of TLS record padding. Plenty of smaller requests for static content would benefit from record padding, as it impedes traffic analysis: less consistent/unique record sizes make it more difficult for an eavesdropper to infer which pages a user visits. Websites that disable compression due to security concerns would probably be okay with the tradeoff. I imagine that there'd be some extra interest among Tor users.
