You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
David Hook edited this page May 11, 2024
·
4 revisions
Issue affecting: BC TLS Java 1.0.18 and earlier. BC C# .NET 2.3.0 and earlier.
Fixed versions: BC TLS Java 1.0.19. BC C# .NET 2.3.1
Platform affected: All JVMs. All CLRs.
Possible timing side-channel for RSA key exchange ("The Marvin Attack"). The timing signal appeared to be related to the interaction of the TLS APIs with exception handling in the underlying low-level APIs used for providing cryptographic services.
Use of RSA PKCS#1.5 is now disabled by default in the BC TLS APIs.