-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement TLS 1.3 random record padding #5398
Comments
I'm not really feeling this one. I'm concerned about the already tenuous situation with middleboxes. |
Wouldn't middle boxes already be a problem for TLS 1.3 then? Perhaps a flag/configuration option to optionally enable this would be nice, then down the line if all goes well, it could be enabled by default? |
There is middlebox compatibility in OpenSSL (and I assume others).
I don't see a reason to do it by default. We may end up lessening security and compatibility for no good reason. It might allow for a vulnerability instead of preventing one. I really don't know what will happen. As an option I expect it would very obscure, this is the first I'm hearing of it. You could use CURLOPT_SSL_CTX_FUNCTION if you want it. |
Padding is in general a thing people invent when designing protocols and then nobody actually uses when running them since they're a waste of bandwidth. I suspect that's why we've never seen a demand for padding for TLS before. |
@bagder True, it does use more bandwidth. However, this doesn't universally disqualify the use of TLS record padding. Plenty of smaller requests for static content would benefit from record padding, as it impedes traffic analysis: less consistent/unique record sizes make it more difficult for an eavesdropper to infer which pages a user visits. Websites that disable compression due to security concerns would probably be okay with tradeoff. I imagine that there'd be some extra interest among Tor users. |
The TLS specification (RFC 8446) section 5.4 defines optional Record Padding.
As a security improvement, I suggest that curl implement random record padding.
Record padding is primarily applicable to server as a way to mitigate vulnerabilities such as CRIME and BREACH that involve compression and reflection. But, who knows - there may be some future vulnerability that random record padding will address on the client - it couldn't hurt :)
In OpenSSL, this is done using
SSL_CTX_set_record_padding_callback
The text was updated successfully, but these errors were encountered: