Example HttpServer leaks side channel info #3

@tomato42

HttpServer responses to HTTP queries are encrypted into separate RecordLayer messages on a line-by-line basis, thus creating a side-channel leak.

In other words, the following reply:

[Thread   21] [12/4/2015 6:41:24 PM] --> HTTP/1.0 200 OK
[Thread   21] [12/4/2015 6:41:24 PM] --> Content-Type: text/plain
[Thread   21] [12/4/2015 6:41:24 PM] --> Connection: close
[Thread   21] [12/4/2015 6:41:24 PM] --> Content-Length: 0
[Thread   21] [12/4/2015 6:41:24 PM] --> 

will be encrypted in 5 Application Data records:

ApplicationData('HTTP/1.0 200 OK\r\n')
ApplicationData('Content-Type: text/plain\r\n')
ApplicationData('Connection: close\r\n')
ApplicationData('Content-Length: 0\r\n')
ApplicationData('\r\n')
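
Added example, not part of the original issue and not the project's code: it models a record layer in which each write becomes one ApplicationData record, and compares what a passive observer learns from record sizes for the reply above against a single buffered write. The `RecordLayer` class and the 29-byte per-record overhead (TLS 1.2 AES-GCM: 5-byte header, 8-byte explicit nonce, 16-byte tag) are assumptions.

```python
# Added illustration; not code from the project. Models a record layer where
# each write() becomes one ApplicationData record, as the issue describes.

# Assumed per-record cost for TLS 1.2 AES-GCM:
# 5-byte record header + 8-byte explicit nonce + 16-byte auth tag.
OVERHEAD = 29

RESPONSE_LINES = [  # the reply quoted in the issue, with CRLF line endings
    b"HTTP/1.0 200 OK\r\n",
    b"Content-Type: text/plain\r\n",
    b"Connection: close\r\n",
    b"Content-Length: 0\r\n",
    b"\r\n",
]


class RecordLayer:
    """Hypothetical stand-in for an encrypting record layer.

    It does not encrypt; it only tracks the on-wire size of each record,
    which is all a passive network observer can see.
    """

    def __init__(self):
        self.wire_sizes = []

    def write(self, plaintext):
        # One call -> one record (fragmentation above 2**14 bytes not modelled).
        self.wire_sizes.append(len(plaintext) + OVERHEAD)


def send_line_by_line(lines):
    """Behaviour reported in the issue: one record per response line."""
    rl = RecordLayer()
    for line in lines:
        rl.write(line)
    return rl.wire_sizes


def send_buffered(lines):
    """Mitigation: assemble the whole response, then hand it over once."""
    rl = RecordLayer()
    rl.write(b"".join(lines))
    return rl.wire_sizes


def observed_plaintext_lengths(wire_sizes):
    """Per-record plaintext lengths recoverable from ciphertext sizes."""
    return [size - OVERHEAD for size in wire_sizes]
```

With line-by-line writes the observer recovers the length of every header line; with the buffered write only the total response length is visible.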
