Skip to content

Commit

Permalink
update Lucky 13 status
Browse files Browse the repository at this point in the history
  • Loading branch information
@tomato42
tomato42 committed Jun 21, 2015
1 parent 4464125 commit bb6142c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -505,10 +505,10 @@ tlslite-ng does NOT verify certificates by default.

tlslite-ng's pure-python ciphers are probably vulnerable to timing attacks.

tlslite-ng is probably vulnerable to the "Lucky 13" timing attack if AES or 3DES
tlslite-ng **is** vulnerable to the "Lucky 13" timing attack if AES or 3DES
are used, or the weak cipher RC4 otherwise. This unhappy situation will remain
until tlslite-ng implements authenticated-encryption ciphersuites (like GCM), or
RFC 7366.
RFC 7366 and allows refusing connections which don't use them.


12 History
Expand Down

0 comments on commit bb6142c

Please sign in to comment.