You are here
Raccoon Attack
Submitted on 10. September 2020 - 8:44 by rischi.
Last update on 1. October 2020 - 13:57.
Last update on 1. October 2020 - 13:57.
IDs:
CVE-2020-1968
Keywords:
tls, raccoon, dhe, ecdhe
Description:
Raccoon is a timing attack that exploits a vulnerability in the Diffie-Hellman specification in TLS 1.2 and older [1].
Airlock Gateway is not affected.
Details:
Airlock Gateway supports ECDHE and DHE ciphers by default to provide forward secrecy. Both cipher suite types use Diffie-Hellman to establish a session key. The ellipic curve ciphers (ECDHE) are not affected by this attack [1]. DHE ciphers are affected when the server reuses the same Diffie-Hellman share in multiple TLS connections. All supported Airlock Gateway versions use newer OpenSSL versions to implement SSL that do not reuse Diffie-Hellman shares and are therefore not vulnerable to this attack.
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock