You are here

Raccoon Attack

tls, raccoon, dhe, ecdhe

Raccoon is a timing attack that exploits a vulnerability in the Diffie-Hellman specification in TLS 1.2 and older [1].

Airlock Gateway is not affected.


Airlock Gateway supports ECDHE and DHE ciphers by default to provide forward secrecy. Both cipher suite types use Diffie-Hellman to establish a session key. The ellipic curve ciphers (ECDHE) are not affected by this attack [1]. DHE ciphers are affected when the server reuses the same Diffie-Hellman share in multiple TLS connections. All supported Airlock Gateway versions use newer OpenSSL versions to implement SSL that do not reuse Diffie-Hellman shares and are therefore not vulnerable to this attack.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock