Function: nsm-protocol-check--cbc-cipher
nsm-protocol-check--cbc-cipher is a byte-compiled function defined in
nsm.el.gz.
Signature
(nsm-protocol-check--cbc-cipher HOST PORT STATUS &optional SETTINGS)
Documentation
Check for CBC mode ciphers.
CBC mode ciphers in TLS versions earlier than 1.3 are problematic because of MAC-then-encrypt. This construction is vulnerable to padding oracle attacks[1].
Since GnuTLS 3.4.0, the TLS encrypt-then-MAC extension[2] has been enabled by default[3]. If encrypt-then-MAC is negotiated, this check has no effect.
Reference:
[1]: Sullivan (Feb 2016). "Padding oracles and the decline of CBC-mode cipher suites", https://blog.cloudflare.com/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites/
[2]: P. Gutmann (Sept 2014). "Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", https://tools.ietf.org/html/rfc7366
[3]: N. Mavrogiannopoulos (Nov 2015). "An overview of GnuTLS 3.4.x", https://nikmav.blogspot.com/2015/11/an-overview-of-gnutls-34x.html
Source Code
;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
;; Cipher checks
(defun nsm-protocol-check--cbc-cipher (_host _port status &optional _settings)
  "Check for CBC mode ciphers.
CBC mode ciphers in TLS versions earlier than 1.3 are problematic
because of MAC-then-encrypt. This construction is vulnerable to
padding oracle attacks[1].

Since GnuTLS 3.4.0, the TLS encrypt-then-MAC extension[2] has
been enabled by default[3]. If encrypt-then-MAC is negotiated,
this check has no effect.

Reference:

[1]: Sullivan (Feb 2016). \"Padding oracles and the decline of
CBC-mode cipher suites\",
`https://blog.cloudflare.com/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites/'
[2]: P. Gutmann (Sept 2014). \"Encrypt-then-MAC for Transport Layer
Security (TLS) and Datagram Transport Layer Security (DTLS)\",
`https://tools.ietf.org/html/rfc7366'
[3]: N. Mavrogiannopoulos (Nov 2015). \"An overview of GnuTLS
3.4.x\",
`https://nikmav.blogspot.com/2015/11/an-overview-of-gnutls-34x.html'"
  ;; The weakness is MAC-then-encrypt, so once the peer has negotiated
  ;; RFC 7366 encrypt-then-MAC a CBC suite is not flagged at all.
  (when (not (plist-get status :encrypt-then-mac))
    ;; STATUS is the `gnutls-peer-status' plist; :cipher holds the
    ;; cipher name reported by GnuTLS.
    (let ((cipher (plist-get status :cipher)))
      ;; A match on the CBC token yields the warning string NSM shows;
      ;; nil means no finding.
      (and (string-match "\\bCBC\\b" cipher)
           (format-message
            "CBC mode cipher (%s) can be insecure"
            cipher)))))
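The three outcomes the docstring describes (CBC without encrypt-then-MAC, CBC with encrypt-then-MAC, and a non-CBC suite), exercised as ERT tests. This is an added example, not code from nsm.el; it assumes nsm.el is loaded, and the cipher strings, host and port are constructed samples (the function ignores its host and port arguments).

```elisp
;; Added example, not part of nsm.el: drive the check with constructed
;; status plists carrying only the two keys the check reads.
(require 'ert)
(require 'nsm)

(defun nsm-cbc-demo-status (cipher etm)
  "Build a minimal STATUS plist with CIPHER and encrypt-then-MAC flag ETM.
A real `gnutls-peer-status' plist carries more keys; these two are the
only ones `nsm-protocol-check--cbc-cipher' consults."
  (list :cipher cipher :encrypt-then-mac etm))

(defun nsm-cbc-demo-run (cipher etm)
  "Run the CBC check on a constructed status.
Host and port are placeholders; the check never looks at them."
  (nsm-protocol-check--cbc-cipher "example.invalid" 443
                                  (nsm-cbc-demo-status cipher etm)))

(ert-deftest nsm-cbc-demo-flags-mac-then-encrypt ()
  "CBC suite, no encrypt-then-MAC: the pre-TLS-1.3 padding-oracle case."
  (should (equal (nsm-cbc-demo-run "AES-128-CBC" nil)
                 "CBC mode cipher (AES-128-CBC) can be insecure")))

(ert-deftest nsm-cbc-demo-silent-with-encrypt-then-mac ()
  "Same CBC suite, but RFC 7366 encrypt-then-MAC negotiated: no finding."
  (should-not (nsm-cbc-demo-run "AES-128-CBC" t)))

(ert-deftest nsm-cbc-demo-ignores-aead ()
  "An AEAD suite has no CBC token in its name, so nothing is reported."
  (should-not (nsm-cbc-demo-run "AES-256-GCM" nil)))

;; Evaluate this buffer, then run the tests with: (ert "nsm-cbc-demo-")
```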