[openssl-users] removing compression?

Jeffrey Walton noloader at gmail.com
Tue Apr 7 22:37:17 UTC 2015


On Tue, Apr 7, 2015 at 1:37 PM, Richard Moore <richmoore44 at gmail.com> wrote:
> On 7 April 2015 at 17:49, Jakob Bohm <jb-openssl at wisemo.com> wrote:
>>
>> It also appears the HTTP/2.0 draft aka SPDY requires
>> compression to be enabled, though I don't know if that
>> is at the TLS or HTTP level.
>
> HTTP/2 does not require TLS compression. It does however use its own
> compression for headers (hpack) which is designed to be safe from attacks
> like CRIME.

A me too: earlier versions of SPDY required compression, and user
agents had to support it. It seems to still be the case in version 4
(http://mbelshe.github.io/SPDY-Specification/draft-mbelshe-spdy-00.xml).

I'm not sure if/how SPDY differs from HTTP/2 (other than I know they
are different but aligned).

It seems to me the trick to avoid CRIME-like attacks is to make sure
the compression is semantically secure. In the case of CRIME,
information should not be gained across different messages (in this
case, each message alone was secure - it was the different messages
over time that got folks in trouble).

But I'm not sure about other attacks on the compression layer.
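An added illustration of the "semantically secure compression" check discussed in the thread (example code, not from the post or from OpenSSL): a header block compressed with DEFLATE as one context (what TLS-level and early SPDY compression did) changes size depending on how much an attacker-influenced field overlaps the secret cookie, while an HPACK-style never-indexed literal encoding (RFC 7541 section 6.2.3, no Huffman) has a size that depends only on field lengths. The cookie value, probe strings and header names are constructed sample data.

```python
import zlib

# Constructed sample data for this illustration (not from the thread).
SECRET_COOKIE = b"session=7f3a9c1e"   # secret value the client sends on every request
PROBES = [b"session=7f3a9c1e", b"session=x9k2m4q1"]  # same length, different overlap


def deflate_block(cookie: bytes, probe: bytes) -> int:
    """TLS-level / SPDY-style compression: the whole header block goes through
    one DEFLATE context, so a back-reference can span the secret field and
    the attacker-influenced field. Returns the compressed length in bytes."""
    block = (b"cookie: " + cookie + b"\r\n"
             b"referer: https://example.test/?q=" + probe + b"\r\n")
    return len(zlib.compress(block, 9))


def hpack_literal_block(cookie: bytes, probe: bytes) -> int:
    """HPACK 'literal header field never indexed' without Huffman coding:
    prefix byte 0x10 (index 0), then a length-prefixed name and a
    length-prefixed value. No string matching happens across fields, so the
    encoded size depends only on the field lengths, not on shared content."""
    def field(name: bytes, value: bytes) -> bytes:
        # Single-byte length prefixes are enough for this demo (lengths < 127).
        assert len(name) < 127 and len(value) < 127
        return bytes([0x10, len(name)]) + name + bytes([len(value)]) + value

    block = field(b"cookie", cookie) + field(b"referer", b"https://example.test/?q=" + probe)
    return len(block)


def size_leaks(encoder) -> bool:
    """The check from the post: does the encoded size vary with how much the
    probe overlaps the secret? True means the scheme leaks across fields."""
    sizes = {encoder(SECRET_COOKIE, p) for p in PROBES}
    return len(sizes) > 1


if __name__ == "__main__":
    print("DEFLATE over the whole block leaks:", size_leaks(deflate_block))
    print("HPACK never-indexed literals leak:", size_leaks(hpack_literal_block))
```

The same check can be pointed at any header encoder; a scheme that passes it for every probe set is what the post calls semantically secure.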
