wolfSSL Not Vulnerable to Pandora’s Box Attack

Researchers Clemens Hlauschek, Markus Gruber, Florian Fankhauser, and Christian Schanes of Germany's Research Industrial Systems Engineering are presenting a TLS man-in-the-middle attack at this week's USENIX conference in Washington, D.C.: https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf . This is a protocol-level attack with three requirements: a static (EC)DH cipher suite, client authentication with a static (EC)DH private key, and injection of a known certificate/key pair into the client. The wolfSSL embedded SSL library supports static ECDH cipher suites, but not static DH cipher suites. Client authentication is supported in wolfSSL, but the ecdsa_fixed_ecdh client certificate type is not, so yaSSL / CyaSSL / wolfSSL are not vulnerable to the attack.

We still recommend our max-strength build for the highest level of security; it restricts the library to Perfect Forward Secrecy cipher suites only: http://www.wolfssl.com/wolfSSL/Blog/Entries/2015/7/10_wolfSSL_Max_Strength_Build.html . The next release of wolfSSL disables all static cipher suites by default and documents their use as deprecated and insecure, as the paper suggests.
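As an added example (not wolfSSL's own code), the following check audits a configured cipher list for the static key-exchange suites the attack depends on, which is exactly what a PFS-only build refuses. The function names and the colon-separated input format are assumptions; it accepts both IANA names and OpenSSL/wolfSSL-style names, and classifies by tokenizing the name so that ECDHE is not mistaken for ECDH by a substring match.

```python
# Key-exchange families grouped by whether the handshake has forward secrecy.
# Static (EC)DH is the precondition the paper relies on; static RSA and plain
# PSK are included because they are likewise non-PFS and absent from a
# PFS-only (max-strength) cipher list. Anonymous (EC)DH is ephemeral but
# unauthenticated, so it is listed as forward secret only in the key-exchange sense.
EPHEMERAL = {"ECDHE", "DHE", "AECDH", "ADH", "TLS13"}
STATIC = {"ECDH", "DH", "RSA", "PSK"}
OTHER = {"SRP"}

# OpenSSL/wolfSSL-style names use a few aliases for the same key exchange.
_ALIASES = {"EDH": "DHE"}


def key_exchange(suite):
    """Return the key-exchange family named by an IANA or OpenSSL-style suite."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):                         # IANA form
        if "_WITH_" not in name:
            return "TLS13"                              # TLS_AES_128_GCM_SHA256 etc.
        tokens = name[4:].split("_WITH_")[0].split("_")  # e.g. ["ECDH", "ECDSA"]
        if len(tokens) > 1 and tokens[1] == "ANON":
            return "A" + tokens[0]                      # ECDH_anon / DH_anon
        return tokens[0]
    # OpenSSL form: the first dash-separated token names the key exchange.
    # Tokenizing (rather than 'if "ECDH" in name') keeps ECDHE distinct from ECDH.
    head = name.split("-")[0]
    head = _ALIASES.get(head, head)
    if head in EPHEMERAL or head in STATIC or head in OTHER:
        return head
    return "RSA"          # AES128-SHA, DES-CBC3-SHA ...: implicit static RSA


def is_forward_secret(suite):
    """True only for suites whose key exchange is ephemeral."""
    return key_exchange(suite) in EPHEMERAL


def audit_cipher_list(cipher_list):
    """Split a colon-separated list of suite names (constructed input format) and
    return the ones a PFS-only build would refuse. Unclassified families such as
    SRP are reported too, so the audit errs on the side of flagging."""
    return [s for s in cipher_list.split(":") if s and not is_forward_secret(s)]


if __name__ == "__main__":
    sample = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA"
    print("non-PFS suites:", audit_cipher_list(sample))
```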

Please contact wolfSSL by email at facts@wolfssl.com, or call us at 425 245 8247, if you have any security-related questions.