1

https://news.ycombinator.com/item?id=19111707

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/

No one knows that LibreSSL is affected by CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870 or not.

Does anybody has any info about it?

cirka547
  • 13
  • 2
  • The authors didn't test it. Actually as pointed out Gilles in the comments of this answer surely the first mitigation should be keeping your system up-to-date? Therefore if you don't support TLS 1.2 you are safe. – kelalaka Feb 08 '19 at 11:30
  • For editing: I've tried to change the links as title and link but both have the same title. Better use our site's question? – kelalaka Feb 08 '19 at 11:32
  • 5
    You are referencing various CVE which are not related to a TLS 1.3 downgrade but your title only asks about TLS 1.3 downgrade. Please make clear what you actually want to know. As for what you ask in the title: LibreSSL is not affected by TLS 1.3 downgrade since it does not support TLS 1.3 yet. – Steffen Ullrich Feb 08 '19 at 12:29

1 Answers1

0

LibreSSL doesn't support TLS 1.3.

Frank Denis
  • 2,964
  • 15
  • 17