TLS

Because crypto is too pleasant without x509.

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog (archive)…

An overview of TLS 1.3

I presented TLS 1.3 to the CloudFlare London office. Why it's faster, how it works, why it's safer, what's clever about it. The talk is recorded and comes with colored diagrams. There's a transcript on the CloudFlare blog. An overview of TLS 1.3 and Q&A | CloudFlare…

"LuckyMinus20": Yet Another Padding Oracle in OpenSSL CBC Cipher Suites

Early this week, a new OpenSSL error code padding oracle dropped. Padding oracles are one of the most fun crypto vulnerabilities, so I gave this one the full treatment: a ten lines PoC and CLI test, obviously based on a patched Go crypto/tls https://github.com/FiloSottile/CVE-2016-2107 an…

SSLv2 redux: patching Go crypto/tls to work with IE6

tl;dr: Go crypto/tls servers can't understand a sad SSLv2-flavored compatibility trick IE6 and JDK 5/6 do, I updated a patch, don't use it. While doing large scale TLS measurement with a Go crypto/tls server for CloudFlare, I started seeing this error score pretty high in my…

How Plex is doing HTTPS for all its users

This week Plex, a self-hosted media server, announced that they now offer TLS to secure all connections, including those to the user's servers. This is actually pretty interesting. Background A quick overview of the Plex architecture to understand why this is different from the average HTTPS deployment. The server is…

Logjam explained

Logjam is a downgrade attack against the TLS protocol itself which exploits EXPORT ciphersuites. I wrote a long explanation of how the attack works and its background (what Diffie-Hellman is and how exactly it's used in the TLS handshake) on the CloudFlare blog. Logjam: the latest TLS vulnerability explained | CloudFlare…

The sad state of SMTP encryption

This is a quick recap of why I'm sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it. SMTP SMTP is the protocol that mail servers talk between them to deliver mail. Standardized in 1982 it used to be, unsurprisingly, 100%…

Komodia/Superfish SSL Validation is broken

If you are on the ball already and just want the new vulnerability, scroll to the "client side SSL verification" section. tl;dr The Komodia/Superfish proxy can be made to allow self-signed certificates without warnings. Recap Some Lenovo laptops shipped with Superfish preinstalled - an ad injecting software. How…