Systematic Fuzzing and Testing of TLS Libraries

On Nov. 24 from 16:15, the lecture Systematic Fuzzing and Testing of TLS Libraries will take place in the auditorium T9:107. Juraj Somorovsky will introduce the widely-known TLS attacks and then the TLS-Attacker, an open-source framework for flexible analysis of TLS. The lecture will be held in English.


Transport Layer Security (TLS) is arguably the most important cryptographic protocol. It is used to secure the connection to websites, web services, or to create virtual private networks (VPNs). However, the complexity of TLS led to various design as well as implementation failures. In the last few years, we saw many TLS attacks with fancy names like FREAK, DROWN, or Heartbleed.

In this presentation, we first give an overview of the well-known TLS attacks. We show the problems in the TLS standard and highlight the problems developers have to face when evaluating the security of TLS libraries. Afterwards, we present TLS-Attacker—an open-source framework for flexible analysis of TLS. We show how we use this framework to create flexible TLS test suites, or how you can use it to run some interesting TLS attacks.

About Event

The event is free of charge and you do not have to register anywhere. The lecture is primarily intended for audience with basic knowledge of the technology.

Event type
Dr.-Ing. Juraj Somorovsky – Ruhr-University Bochum
November 29, 2017, 16:15–17:45
Auditorium T9:107, New Building CTU
Thákurova 9, Prague 6
It will be recorded

About Lecturer

Juraj Somorovský - profileJuraj Somorovsky is a security researcher at the Ruhr University Bochum, and co-founder of Hackmanit GmbH. He is a co-author of several TLS attacks (e.g. DROWN), and the main developer of a flexible tool for TLS analyses: TLS-Attacker. He presented his work at many scientific and industry conferences, including USENIX Security, Black Hat, DeepSec, or OWASP Europe.

Related Content

Lecturer: Juraj Somorovsky
Video recording: Audiovisual Centre of CTU students
Person responsible for the content of this page
Dr.-Ing. Martin Novotný, martin.novotny@fit.cvut.czLecture organizer

Last modified: 22.11.2017, 12:23