Can SSL encrypted connection prevent replay attacks without using a nonce?
I'm working on a simple socket-based service where a client sends a request to delete a file or directory. The request only includes the file path and a token for verification. The server listens for these requests, removes the file or directory, and verifies the request based on the token.
I'm concerned about the possibility of a replay attack. Since the service only processes one argument (the file path), it's easy for an attacker to understand the traffic pattern. any legitimate traffic to this port is a delete request. If an attacker captures the encrypted traffic, could they later replay it to issue the same delete request?
The connection is SSL encrypted, but there’s no use of a nonce or other specific measures to prevent replay. Does SSL/TLS provide enough protection against replay attacks (e.g., through key exchanges, session handling, or timestamps), or could the captured encrypted request be easily replayed later without the server knowing it's not legitimate?
