Maniphest T6001

Drop compression support in ntbtls
Closed, InvalidPublic
Actions

Assigned To
None
Authored By
DemiMarie
May 23 2022, 5:51 PM
Tags
Subscribers
DemiMarie
werner

Description

TLS compression is insecure (CRIME attack), so ntbtls should drop support for it.

Details

External Link
https://en.wikipedia.org/wiki/CRIME

Event Timeline

DemiMarie created this task.May 23 2022, 5:51 PM
DemiMarie created this object in space S1 Public.
DemiMarie created this object with edit policy "Custom Policy".
werner closed this task as Invalid.May 23 2022, 10:54 PM
werner added a subscriber: werner.

ntbltls does not implement compression:

/* ret = deflate (&ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH); */
ret = gpg_error (GPG_ERR_NOT_IMPLEMENTED);

;-)