Getting Rid of TLS 1.2: The Weaknesses of PKCS#1 v1.5 and The Fault Attack
TLS is truly one of the worst and the best protocols. When it works well, it protects data like no other method, but its implementations have often been buggy, and it carries far too many options. One of its greatest weaknesses is that Eve can select the weakest cipher suite that the server still offers, and then possibly compromise it. But there are many other problems, especially with PKCS#1 v1.5 padding, where Eve can probe the server with crafted messages and eventually crack the cipher. For this reason, TLS 1.3 has dumped PKCS#1 v1.5 padding, but the industry is taking time to adapt.
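To make the padding problem concrete, here is an added example (not code from the article or from any TLS library) of why the server's response to a badly padded RSA-encrypted premaster secret matters: a decoder that reports why it rejected a block hands Eve one bit per probe, whereas the TLS 1.2 countermeasure from RFC 5246 section 7.4.7.1 folds every check into one flag and substitutes a random premaster secret on failure, so the handshake fails later in exactly the same way as a wrong guess. The padded blocks are constructed directly rather than produced by a real RSA decryption, and the helper names are the example's own.

```python
import secrets

PMS_LEN = 48  # TLS RSA premaster secret: 2 version bytes + 46 random bytes

def encode_pkcs1_v15(msg: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5: 00 || 02 || PS (non-zero, >= 8 bytes) || 00 || M.
    Constructed helper standing in for what an RSA decryption would yield."""
    ps = bytes(b or 1 for b in secrets.token_bytes(k - 3 - len(msg)))  # no 0x00
    return b"\x00\x02" + ps + b"\x00" + msg

def unpad_leaky(em: bytes) -> bytes:
    """Textbook decoder that says *why* it rejected the block. Each distinct
    error (or its timing) is information a probing client can collect; this
    is the PKCS#1 v1.5 oracle that TLS 1.3 removed by dropping RSA key exchange."""
    if em[:2] != b"\x00\x02":
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise ValueError("no separator")
    if sep < 10:
        raise ValueError("padding too short")
    return em[sep + 1:]

def leaky_verdict(em: bytes) -> str:
    """What a probing client observes from the leaky decoder."""
    try:
        unpad_leaky(em)
        return "ok"
    except ValueError as e:
        return str(e)

def premaster_tls12(em: bytes, client_version: bytes) -> bytes:
    """RFC 5246 7.4.7.1 countermeasure: check every byte, fold the results
    into a single flag, and on any failure return a fresh random premaster
    secret. The handshake then continues and fails at Finished just as it
    would for an honest wrong guess, so no padding verdict leaks. (Python
    gives no constant-time guarantee; the point is the single outcome.)"""
    fake = secrets.token_bytes(PMS_LEN)
    k = len(em)
    if k < 11 + PMS_LEN:             # length equals the modulus size: public
        return fake
    sep = k - PMS_LEN - 1            # where the 0x00 separator must sit
    bad = int(em[0] != 0x00) | int(em[1] != 0x02)
    for b in em[2:sep]:              # PS must be all non-zero: scan all of it
        bad |= int(b == 0x00)
    bad |= int(em[sep] != 0x00)
    bad |= int(em[sep + 1:sep + 3] != client_version)  # version check too
    return fake if bad else em[sep + 1:]
```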
A new paper [1] now shines a light on the current state of TLS usage: the research team analysed 5.8 billion TLS handshakes from two different university networks:
In their analysis, they found that ECDHE (ephemeral Elliptic Curve Diffie-Hellman) with RSA public key authentication was the most popular key exchange method, with 128-bit AES-GCM and a 256-bit hash (SHA-256) being used for the tunnel: