alleged attack on TLS

Chris Palmer snackypants at
Wed Sep 21 19:43:31 CEST 2011

On Wed, Sep 21, 2011 at 1:19 AM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at> wrote:

> From information gathered here
> and there it seems the attack is a variation or an implementation of
> the Bard attack [0].

The BEAST developers say that they were inspired by Dai, not Bard. FWIW.

> If you are using GnuTLS and want to prevent such
> attacks you can do the following:
> * Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables
> them by default, but because of compatibility issues with broken peers
> they are often disabled)

You can also use a non-CBC cipher suite, like RC4.

"These days, though, you have to be pretty technical before you can
even aspire to crudeness." — William Gibson

More information about the Gnutls-devel mailing list