Topic: Built in protection from session ID attacks.

2009-12-02 10:02:38 UTC
Does this … y-cbc.html or this … -2003-0078 apply to wolfSSL embedded SSL?
touskaProject Admin

2009-12-03 00:37:41 UTC
The first attack isn't possible with wolfSSL since a general fatal alert is sent in this case instead of a more specific error that could potentially leak timing information. The second one doesn't affect wolfSSL since a MAC computation is done independent of padding errors, preventing the timing attack entirely.

2009-12-03 09:56:23 UTC
Great! Thanks, Todd!