In order for a server to be vulnerable to the LUCKY13 exploit, it has to use a ciphersuite which uses CBC and must not use the encrypt_then_mac
TLS extension. However, if both these conditions are satisfied, is the server necessarily vulnerable to LUCKY13? Does openSSL mitigate this attack by adding random delays when using CBC mode ?
If that's the case, is there a way to test for certain for the presence of this vulnerability? As far as I know, testssl
only returns "Potentially vulnerable" when a server uses CBC without encrypt_then_mac
.