Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
  #1   (View Single Post)  
Old 2 Weeks Ago
jonsec jonsec is offline
Fdisk Soldier
Join Date: Jul 2019
Posts: 53
Default does raccoon attack has effect on OpenBSD?

Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and other services that rely on SSL and TLS. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

Raccoon allows attackers under certain conditions to break the encryption and read sensitive communications. The vulnerability is really hard to exploit and relies on very precise timing measurements and on a specific server configuration to be exploitable.

does raccoon attack has effect on OpenBSD?
Reply With Quote
  #2   (View Single Post)  
Old 2 Weeks Ago
CiotBSD CiotBSD is offline
Join Date: Jun 2019
Location: Under /
Posts: 126

Interesting question!

Because, LibreSSL is not mentioned. Why? It was not "studied"?
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733
Reply With Quote
  #3   (View Single Post)  
Old 2 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,106

I'll guess an answer: probably. If I'm reading this correctly, the attack surface is an apparent weakness in the TLS 1.2 or older cryptographic protocols, and TLS 1.2 is still in active use.
  • The default cipher suite string used by both httpd(8) and relayd(8) is "HIGH:!aNULL". The "HIGH" suite of ciphers includes TLS 1.2. See both httpd.conf(5) and relayd.conf(5) for details.
  • To see the details of the protocols permitted by a cipher control string value, use $ openssl ciphers -v <string>. See the CIPHERS section of the openssl(1) man page and the DESCRIPTION section of the SSL_CTX_set_cipher_list(3) man page.
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
CacheOut: new attack against CPU Intel CiotBSD News 0 27th January 2020 11:56 PM
Security Another crypto-attack on SSL/TLS encryption J65nko News 0 15th March 2013 12:54 PM
Floating point DoS attack (PHP) J65nko News 0 6th January 2011 02:08 AM
supress UDP ddos attack chris FreeBSD Security 4 9th July 2008 02:46 PM

All times are GMT. The time now is 06:55 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick