If this is similar in severity to Poodle, does that mean all CBC ciphers are doomed?
This will be a major problem for many users, since (AFAIK) this will disable usage of TLS below 1.2. It would be nice if someone could clarify :)
These are implementation flaws, but they’re caused by a spec that’s hard to get right.
You can implement CBC mode in a secure way. It’s complicated. The underlying vuln has been known for 13 years and people still don’t implement it correctly.