The padding may also be necessary to prevent a kind of attack, besides 
hiding the length.  But I cannot recall the details.

Removing padding may not be the direction.  Instead, a solution with a 
customizable padding length may be more flexible.  Here is an enhancement 
request in JBS (https://bugs.openjdk.org/browse/JDK-8244983); please feel free 
to take it.

Xuelei

> On Nov 4, 2022, at 4:21 AM, Daniel Jeliński <djelins...@gmail.com> wrote:
> 
> Hello,
> I noticed that we're padding every TLS 1.3 record with exactly 16 zeros [1]. 
> I'd like to remove that padding to conserve network bandwidth and processing 
> power. Thoughts?
> 
> Some background:
> - TLS 1.3 RFC [2] defines padding as a means to hide the size of the traffic. 
> Constant-length padding does not hide it, obviously. The RFC does not define 
> any padding policies ("Selecting a padding policy that suggests when and how 
> much to pad is a complex topic and is beyond the scope of this 
> specification.")
> - OpenSSL [3] defines 2 methods to select the length of the padding block: 
> the user may provide a callback that selects adequate padding length, or 
> provide block length, and then every record is padded to a multiple of block 
> length. By default OpenSSL does not pad records.
> - I'm not aware of any discussions around record padding on this list, which 
> suggests that there's no demand for more complex padding schemes.
> 
> Regards,
> Daniel
> 
> [1] 
> https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L302
>  
> <https://github.com/openjdk/jdk/blob/4cec141a90bc5d3b8ec17c024291d9c74a112cd4/src/java.base/share/classes/sun/security/ssl/OutputRecord.java#L302>
> [2] https://www.rfc-editor.org/rfc/rfc8446.html#section-5.4 
> <https://www.rfc-editor.org/rfc/rfc8446.html#section-5.4>
> [3] 
> https://www.openssl.org/docs/man1.1.1/man3/SSL_set_record_padding_callback.html
>  
> <https://www.openssl.org/docs/man1.1.1/man3/SSL_set_record_padding_callback.html>
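The thread above contrasts the JDK's fixed 16-byte record padding with OpenSSL's block-multiple padding policy. The following added example (not code from OpenJDK, OpenSSL or either poster) builds and strips the RFC 8446 section 5.4 TLSInnerPlaintext structure (content || ContentType || zeros) under both policies, and computes the resulting record sizes so the length-hiding difference is visible. The function names `pad_constant`, `pad_to_block`, `encode_inner_plaintext`, `decode_inner_plaintext` and `ciphertext_length` are my own; the 16-byte tag length assumed in `ciphertext_length` matches the AEAD ciphers TLS 1.3 mandates but is a constructed parameter here.

```python
"""RFC 8446 section 5.4 TLSInnerPlaintext: content || ContentType || zeros[padding].

Added illustration for the padding-policy discussion; all names are assumptions,
not the JDK's or OpenSSL's API.
"""
from __future__ import annotations
from typing import Callable, Tuple

# ContentType values from RFC 8446 section 5.1
ALERT = 21
HANDSHAKE = 22
APPLICATION_DATA = 23

MAX_INNER_PLAINTEXT = 2**14 + 1  # RFC 8446 5.4: length MUST NOT exceed 2^14 + 1 octets

# A policy maps (content_type, content_len) -> number of zero bytes to append.
PaddingPolicy = Callable[[int, int], int]


def pad_constant(n: int) -> PaddingPolicy:
    """Always append n zero bytes (the fixed-16 behaviour discussed in the thread).

    Every record grows by the same constant, so two records whose plaintexts
    differ by k bytes still produce ciphertexts that differ by k bytes:
    the length is not hidden, only shifted.
    """
    def policy(content_type: int, content_len: int) -> int:
        return n
    return policy


def pad_to_block(block: int) -> PaddingPolicy:
    """Pad so that content + type byte is a multiple of `block`
    (the style of OpenSSL's block-size option). Lengths collapse into
    buckets of `block` bytes, which hides small differences."""
    def policy(content_type: int, content_len: int) -> int:
        inner_len = content_len + 1  # one byte for the ContentType
        return (-inner_len) % block
    return policy


def encode_inner_plaintext(content: bytes, content_type: int,
                           policy: PaddingPolicy) -> bytes:
    """Build TLSInnerPlaintext before AEAD encryption."""
    pad_len = policy(content_type, len(content))
    if pad_len < 0:
        raise ValueError("padding policy returned a negative length")
    inner = content + bytes([content_type]) + b"\x00" * pad_len
    if len(inner) > MAX_INNER_PLAINTEXT:
        raise ValueError("padded record exceeds 2^14 + 1 bytes")
    return inner


def decode_inner_plaintext(inner: bytes) -> Tuple[int, bytes]:
    """Strip padding after AEAD decryption, per RFC 8446 5.4.

    Scan backwards over zero bytes; the first non-zero byte is the ContentType.
    If no non-zero byte exists the record is malformed and the receiver must
    fail with an unexpected_message alert rather than guess a type.
    """
    i = len(inner) - 1
    while i >= 0 and inner[i] == 0:
        i -= 1
    if i < 0:
        raise ValueError("no ContentType found: respond with unexpected_message alert")
    return inner[i], inner[:i]


def ciphertext_length(content_len: int, policy: PaddingPolicy,
                      content_type: int = APPLICATION_DATA, tag_len: int = 16) -> int:
    """Size of the encrypted record body: inner plaintext plus the AEAD tag
    (16 bytes assumed, as for the AES-GCM and ChaCha20-Poly1305 suites)."""
    return content_len + 1 + policy(content_type, content_len) + tag_len


if __name__ == "__main__":
    # Constructed sample: two application-data payloads one byte apart.
    for policy_name, policy in (("constant16", pad_constant(16)), ("block64", pad_to_block(64))):
        sizes = [ciphertext_length(n, policy) for n in (2, 3, 62, 63)]
        print(policy_name, sizes)
    inner = encode_inner_plaintext(b"hi", APPLICATION_DATA, pad_constant(16))
    print(decode_inner_plaintext(inner))
```

Run as a script, the constant-16 policy prints sizes that still step with the plaintext length, while the block-64 policy prints identical sizes for 2 and 3 bytes (and again for 62 and 63), which is the whole point of a policy that can be configured rather than fixed. The decoder's rejection of an all-zero inner plaintext is the part implementations most often get wrong when they strip padding by hand.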
