Section 5.4 of the TLS 1.3 specification describes record padding.
One of the mitigations for BREACH is to add random padding.
Therefore, I’m wondering:
- Does TLS 1.3 require random record padding? I’m also unclear on if this padding is optional or required, and if it is always random.
- If TLS 1.3 random record padding is done, am I correct in thinking that it does mitigate BREACH?
Assuming both of those questions are answered affirmatively, I believe that would mean that any site that uses TLS 1.3 (and supports no earlier version of SSL/TLS) would not be vulnerable to BREACH.