TLS - what can go wrong?

January 14, 2026 ยท View on GitHub

Key generation

Also see: badkeys

RSA encryption handshake

RSA signature handshake

ECDSA / DSA handshake

  • Duplicate r (not found in the wild yet)

Static DH/ECDH handshake

Diffie Hellman

ECDHE

Finished message

CBC/HMAC

GCM

Small block size

RC4

Compression

  • CRIME (TLS compression)
  • BREACH (HTTP compression)
  • TIME,HEIST (TCP window trick, Javascript, timing + HTTP compression)

State machine errors

Parsing and validation logic issues

Certificate validation

Sidechannels

Underlying protocol interactions

Others