On Fri, May 15, 2015 at 1:05 AM, Christian Fahr <christian.fahr at stud.tu-darmstadt.de> wrote: > Hi all, > regarding this > http://nmav.gnutls.org/2013/11/inside-ssl-vpn-protocol.html blogpost by > Nikos Mavrogiannopoulos in 2013 and Ciscos implementation of pre-DTLS > 1.0 in the AnyConnect SSL VPN protocol. > Is this padding attack still an issue or has this been fixed in the > meantime? If so, how likely is this to be exploitable? If you use openconnect client and server there is no such issue, because it will negotiate AES-GCM. However, even with AES-CBC there are work arounds in gnutls and openssl which make the padding oracle impractical. regards, Nikos
