The ROBOT attack

ROBOT is the return of a 19-year-old vulnerability that allows extraction of the server's private key in certain cases if RSA is supported as a key exchange protocol. It it based on the well known Bleichenbacher attack [2] and affects various implementations of TLS. For further details see [1].

Airlock WAF is not affected because current OpenSSL versions are not affected. Airlock Login/IAM is not affected, as it runs on Java 8 and BouncyCastle TLS is not used.

The TZ article [3] provides an overview how Airlock WAF protects against different types of attacks on SSL/TLS.