13May
Does TLS 1.3 mitigate the BREACH vulnerability?
Section 5.4 of the TLS 1.3 specification describes record padding.
One of the mitigations for BREACH is to add random padding.
Therefore, I'm wondering:
- Does TLS 1.3 require random record padding? I'm also unclear on if this padding is optional or required, and if it is always random.
- If TLS 1.3 random record padding is done, am I correct in thinking that it does mitigate BREACH?
Assuming both of those questions are answered affirmatively, I believe that would mean that any site that uses TLS 1.3 (and supports no earlier version of SSL/TLS) would not be vulnerable to BREACH.
