further improve the TLS1.0/1.1 decoding of CBC record ciphers
For interoperability with systems that do not support encrypt-then-mac (rfc7366), we provide a constant number of hash compression function calls in the implementation of CBC record decoding. That does not, however, imply constant data access nor constant time at the cycle level for invalid pads. As TLS1.0/1.1 systems are not expected to phase out soon, and encrypt-then-mac (rfc7366) adoption is limited (to openssl, mbedtls and gnutls), we may want to ensure that there will be no future such issues on these compatibility ciphersuites. Alternatively, if rfc7366 adoption increases, we should set the '%FORCE_ETM' flag by default and only negotiate these ciphersuites under a safe mode.
https://www.imperialviolet.org/2013/02/04/luckythirteen.html
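The mitigation the issue refers to, shown as an added illustration rather than GnuTLS code: a MAC-then-encrypt CBC record check that never exits the padding scan early, always verifies a MAC even when the padding is invalid, and pads out the number of SHA-1 compression calls to what the longest possible content would need. The compression counts are modelled, not measured, and the MAC key and 13-byte record header in the test are constructed sample values.

```python
import hashlib
import hmac

MAC_LEN = 20      # HMAC-SHA1 tag length (e.g. TLS_RSA_WITH_AES_128_CBC_SHA)
HASH_BLOCK = 64   # SHA-1 block size; HMAC prepends one key block to the inner and outer hash

def sha1_compressions(nbytes: int) -> int:
    """Model of SHA-1 compression calls for nbytes (9 bytes of MD padding/length always added)."""
    return (nbytes + 9 + HASH_BLOCK - 1) // HASH_BLOCK

def hmac_sha1_compressions(msg_len: int) -> int:
    """Inner hash over ipad-block||msg plus outer hash over opad-block||20-byte digest."""
    return sha1_compressions(HASH_BLOCK + msg_len) + sha1_compressions(HASH_BLOCK + 20)

def build_record(content: bytes, mac_key: bytes, header: bytes, block: int = 16) -> bytes:
    """MAC-then-pad plaintext as a TLS1.0/1.1 sender produces it (minimal padding)."""
    body = content + hmac.new(mac_key, header + content, hashlib.sha1).digest()
    pad_len = (block - (len(body) + 1) % block) % block
    return body + bytes([pad_len]) * (pad_len + 1)

def mee_decode(plaintext: bytes, mac_key: bytes, header: bytes):
    """Verify padding and MAC of a decrypted CBC record.
    Returns (content or None, modelled number of SHA-1 compression calls)."""
    if len(plaintext) < MAC_LEN + 1:
        return None, 0
    pad_len = plaintext[-1]
    bad = 0
    for i in range(1, 257):   # fixed 256 iterations: never exit early on a mismatch
        in_pad = i <= pad_len + 1 and i <= len(plaintext)   # still a secret-dependent branch
        bad |= (plaintext[-i] ^ pad_len) if in_pad else 0
    pad_ok = bad == 0 and pad_len + 1 + MAC_LEN <= len(plaintext)
    # Bad padding: treat pad length as zero (RFC 5246 6.2.3.2) so a MAC is still computed.
    eff_pad = pad_len + 1 if pad_ok else 0
    split = len(plaintext) - eff_pad - MAC_LEN
    content, tag = plaintext[:split], plaintext[split:split + MAC_LEN]
    expected = hmac.new(mac_key, header + content, hashlib.sha1).digest()
    calls = hmac_sha1_compressions(len(header) + len(content))
    # Top up to the compression count of the longest possible content (pad_len == 0) so the
    # hash work depends only on the record length, not on the (secret) padding length.
    extra = hmac_sha1_compressions(len(header) + len(plaintext) - 1 - MAC_LEN) - calls
    if extra > 0:
        hashlib.sha1(b"\x00" * (extra * HASH_BLOCK - 9)).digest()   # exactly `extra` dummy calls
        calls += extra
    mac_ok = hmac.compare_digest(expected, tag)
    return (content if pad_ok and mac_ok else None), calls
```

The returned call count is identical for a valid record and for the same record with a corrupted pad byte, which is exactly the property the issue says is achieved; the remaining secret-dependent branch in the padding loop is the kind of non-constant data access it says is not.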
Edited by Nikos Mavrogiannopoulos