[openssl-users] removing compression?

Thomas Tanner tanner at gmx.net
Sat Apr 4 16:04:07 UTC 2015


On 03.04.15 21:53, Salz, Rich wrote:
> But on a larger scale, does anyone use TLS compression?  It has
> certainly caused problems with HTTP (see
> http://en.wikipedia.org/wiki/CRIME). And the best practice these days is
> to do it at the application layer, and feed the compressed bytes down to
> TLS.

How about at least implementing the length hiding mitigation suggested
by the BREACH paper
http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf
by randomly interspersing flush commands into the data stream
(description and example implementation
https://github.com/wnyc/breach_buster)?
It's not perfect, but for some use cases it's better than having no
compression at all.
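The flush-interspersing idea the message refers to, as an added example written for this page (it is neither Thomas Tanner's code nor the breach_buster implementation): the compressor emits a zlib sync flush at random points, so the compressed length of the same plaintext varies from response to response. The sample response body, chunk size and flush probability are constructed for illustration.

```python
import random
import zlib


def compress_with_random_flushes(data: bytes, rng: random.Random,
                                 chunk: int = 64, flush_prob: float = 0.3) -> bytes:
    """Compress `data` as a single zlib stream, but after every `chunk`-byte
    slice decide at random whether to emit Z_SYNC_FLUSH.  A sync flush ends the
    current deflate block and appends an empty stored block, so the final length
    depends on the random choices as well as on the plaintext.  The decompressed
    output is unaffected."""
    comp = zlib.compressobj(level=6)
    out = bytearray()
    for i in range(0, len(data), chunk):
        out += comp.compress(data[i:i + chunk])
        if rng.random() < flush_prob:
            out += comp.flush(zlib.Z_SYNC_FLUSH)
    out += comp.flush(zlib.Z_FINISH)
    return bytes(out)


def compressed_lengths(data: bytes, seeds) -> list:
    """Compressed size of the same body under several independent RNG seeds."""
    return [len(compress_with_random_flushes(data, random.Random(s))) for s in seeds]


def roundtrip_ok(data: bytes, seed: int) -> bool:
    """Sync flushes must never change what the receiver decompresses."""
    return zlib.decompress(compress_with_random_flushes(data, random.Random(seed))) == data


# Constructed sample: a page carrying a fixed secret token next to reflected,
# request-controlled text, which is the shape a compression side channel relies on.
SECRET = b"csrf=0123456789abcdef0123456789abcdef"


def body_for(reflected: bytes) -> bytes:
    return (b"<html><body>" + SECRET + b"<p>search results for: " + reflected
            + b"</p>" + b"lorem ipsum dolor sit amet " * 20 + b"</body></html>")


if __name__ == "__main__":
    for reflected in (b"csrf=0", b"csrf=x"):
        body = body_for(reflected)
        deterministic = len(zlib.compress(body, 6))
        noisy = compressed_lengths(body, range(8))
        print(reflected, "plain zlib:", deterministic, "with random flushes:", noisy)
```

With plain zlib the two bodies compress to lengths that differ by the same amount on every request; with random flushes each request gets a different length, so a single measurement no longer reveals which reflected text matched the secret. The noise only raises the cost of averaging over many requests, which is why the message calls the mitigation imperfect.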


More information about the openssl-users mailing list