Is a server using CBC without the encrypt_then_mac TLS extension necessarily vulnerable to the LUCKY13 attack?
In order for a server to be vulnerable to the LUCKY13 exploit, it has to use a ciphersuite which uses CBC and must not use the encrypt_then_mac TLS extension. However, if both these conditions are satisfied, is the server necessarily vulne… Continue reading Is a server using CBC without the encrypt_then_mac TLS extension necessarily vulnerable to the LUCKY13 attack?