DevHeads.net

Review Request 109561: Disable SSL compression support in TCPSlaveBase

Review request for kdelibs.

Description
This patch disables SSL compression support in KIO::TCPSlaveBase to prevent "CRIME" based SSL attacks. This attack is a type of "man in the middle" attack that only works when both client and server support SSL compression. The same researchers have just recently devised a new technique based on "CRIME" dubbed "TIME", but the mitigation for that one seems to be practicing better security on the server side.

Diffs
kio/kio/tcpslavebase.cpp 85f0a59

Diff: http://git.reviewboard.kde.org/r/109561/diff/

Testing

Thanks,

Dawit Alemayehu
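
An added illustration, not part of the original review request or the kdelibs patch, of why turning compression off is the mitigation described above: encryption hides content but not length, and a compressed record's length depends on how much of the data repeats the secret. The sample request, cookie value and function names are constructed for this example, and zlib stands in for TLS-level DEFLATE compression.

```python
import zlib

# Constructed sample data: a request that carries a secret cookie next to a
# value supplied by someone else. All values are made up for this example.
SECRET_HEADER = "Cookie: session=Zx81QpLm44TtReYu\r\n"
OVERLAPPING = "session=Zx81QpLm44TtReYu"   # repeats text from the secret header
UNRELATED = "0123456789abcdefghijklmn"     # same length, shares nothing with it


def record_length(reflected: str, compress: bool) -> int:
    """Length of the plaintext handed to the cipher for one record.

    Encryption does not hide this length (MAC and padding add a constant),
    so it is what an on-path observer can measure.
    """
    plaintext = (
        f"GET /?q={reflected} HTTP/1.1\r\n"
        f"Host: example.test\r\n"
        f"{SECRET_HEADER}\r\n"
    ).encode()
    if compress:
        # DEFLATE replaces the repeated cookie text with a short back-reference.
        return len(zlib.compress(plaintext, 9))
    return len(plaintext)


def length_depends_on_secret(compress: bool) -> bool:
    """True if two equal-length inputs produce different record lengths."""
    assert len(OVERLAPPING) == len(UNRELATED)
    return record_length(OVERLAPPING, compress) != record_length(UNRELATED, compress)


if __name__ == "__main__":
    for compress in (True, False):
        print(
            f"compression={compress}: "
            f"overlapping={record_length(OVERLAPPING, compress)} "
            f"unrelated={record_length(UNRELATED, compress)} "
            f"length depends on secret: {length_depends_on_secret(compress)}"
        )
```

With compression off, the two records have the same length, which is the property the client-side change relies on.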

Comments

Re: Review Request 109561: Disable SSL compression support in TC

By Commit Hook at 03/24/2013 - 10:05

(Updated March 24, 2013, 3:05 p.m.)

Status
This change has been marked as submitted.


Re: Review Request 109561: Disable SSL compression support in TC

By Commit Hook at 03/24/2013 - 10:05

This review has been submitted with commit 133a2f0aadd7d673cf066528b3cdece919e3551c by Dawit Alemayehu to branch KDE/4.10.

- Commit Hook

On March 18, 2013, 4:09 a.m., Dawit Alemayehu wrote: