
Yet Another Padding Oracle in OpenSSL CBC Ciphersuites - IcyApril
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
======
nanolith
MAC-then-encrypt is a pet peeve of mine. It is so much safer to apply the
message authenticator AFTER data has been encrypted, after which point it
protects both the cipher text and the underlying plain text. Yes, I'm aware
that there are reasons for going the other way, but having written plenty of
secure communication suites over the years, I don't see any of them as
especially compelling given the potential dangers.
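
The ordering this comment argues for, as an added example that is not part of the comment or of the linked post: two receivers for CBC records, one MAC-then-encrypt and one encrypt-then-MAC, where only the first runs padding code on unauthenticated bytes. The Feistel block cipher is a constructed stand-in (Python's standard library has no AES), and every function name here is hypothetical.

```python
import hashlib, hmac
BLOCK = 16  # block size of the stand-in cipher (a Feistel network built for this example, not AES)
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _feistel(key, blk, rounds):
    l, r = blk[:8], blk[8:]
    for i in rounds:
        l, r = r, _xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return r + l  # final swap, so running the rounds in reverse order decrypts

def cbc_encrypt(key, iv, pt):
    pad = BLOCK - len(pt) % BLOCK
    pt, out = pt + bytes([pad]) * pad, [iv]
    for i in range(0, len(pt), BLOCK):
        out.append(_feistel(key, _xor(pt[i:i + BLOCK], out[-1]), range(4)))
    return b"".join(out[1:])
def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(_xor(_feistel(key, c, range(3, -1, -1)), p) for p, c in zip(blocks, blocks[1:]))
    pad = pt[-1] if pt else 0
    if not 1 <= pad <= BLOCK or pt[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return pt[:-pad]

def tag(mk, data):
    return hmac.new(mk, data, hashlib.sha256).digest()
def mte_seal(ek, mk, iv, msg):  # MAC-then-encrypt: tag is computed on the plaintext, then hidden
    return cbc_encrypt(ek, iv, msg + tag(mk, msg))
def mte_open(ek, mk, iv, sealed):
    body = cbc_decrypt(ek, iv, sealed)  # padding is parsed before anything is authenticated
    if not hmac.compare_digest(body[-32:], tag(mk, body[:-32])):
        raise ValueError("bad mac")
    return body[:-32]

def etm_seal(ek, mk, iv, msg):  # encrypt-then-MAC: tag covers the IV and the ciphertext
    ct = cbc_encrypt(ek, iv, msg)
    return ct + tag(mk, iv + ct)
def etm_open(ek, mk, iv, sealed):
    if not hmac.compare_digest(sealed[-32:], tag(mk, iv + sealed[:-32])):
        raise ValueError("bad mac")  # rejected before decryption or padding code runs
    return cbc_decrypt(ek, iv, sealed[:-32])

def rejection_reasons(open_fn, ek, mk, iv, sealed):
    seen = set()  # receiver-side test: flip one bit per byte, record why each copy is rejected
    for i in range(len(sealed)):
        try:
            open_fn(ek, mk, iv, sealed[:i] + bytes([sealed[i] ^ 1]) + sealed[i + 1:])
        except ValueError as e:
            seen.add(str(e))
    return seen
```

Running `rejection_reasons` over a record from `mte_seal` yields two distinct failure reasons (padding and MAC), while a record from `etm_seal` only ever fails the MAC check, so the receiver's padding logic is never exposed to modified ciphertext.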

------
excalibur
[https://filippo.io/CVE-2016-2107/#ycombinator.com](https://filippo.io/CVE-2016-2107/#ycombinator.com)

~~~
excalibur
Also whitehouse.gov, verizon.com, yahoo.com, linkedin.com, instagram.com,
netflix.com, hulu.com, washingtonpost.com....

