drwetter
commented
4 years ago I haven't found the time to read https://raccoon-attack.com/ completely yet (hello to Paderborn and Bochum at least).
The exceptions might be worth to look into, maybe the reuse of ephemeral and non-ephemeral keys could be detected. But that's only an assumption.
Have you read about a PoC for detection? Wondering how SSLlabs is doing that.
chrisdlangton
A side channel, so maybe not. Info https://hackaday.com/2020/09/11/security-this-week-racoons-in-my-tls-bypassing-frontends-and-obscurity/