Bug 792604 - Disable TLS compression
Status: RESOLVED FIXED
Product: glib-openssl
Classification: Other
Component: general
Version: 2.50.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: glib-openssl Maintainers
Depends on:
Blocks:
 
 
Reported: 2018-01-17 13:31 UTC by Joakim Tosteberg
Modified: 2018-01-19 07:40 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch to disable TLS compression (957 bytes, patch)
2018-01-17 13:31 UTC, Joakim Tosteberg
Status: none
Patch to disable TLS compression (959 bytes, patch)
2018-01-17 13:33 UTC, Joakim Tosteberg
Status: none
Patch to disable TLS compression (1.55 KB, patch)
2018-01-18 07:06 UTC, Joakim Tosteberg
Status: committed

Description Joakim Tosteberg 2018-01-17 13:31:27 UTC
Created attachment 366939
Patch to disable TLS compression

The current configuration of OpenSSL enables support for TLS compression which isn't good from a security perspective due to CRIME (CVE-2012-4929). The attached patch ensures that support for TLS compression is disabled.
Comment 1 Joakim Tosteberg 2018-01-17 13:33:07 UTC
Created attachment 366940
Patch to disable TLS compression
Comment 2 Ignacio Casal Quinteiro (nacho) 2018-01-17 15:52:00 UTC
Review of attachment 366940:

Makes sense, do we need it server side as well?
Comment 3 Joakim Tosteberg 2018-01-18 07:06:11 UTC
Created attachment 366992
Patch to disable TLS compression

Disable for both client and server
Comment 4 Ignacio Casal Quinteiro (nacho) 2018-01-18 07:53:20 UTC
Review of attachment 366992:

Looks good
Comment 5 Ignacio Casal Quinteiro (nacho) 2018-01-19 07:40:25 UTC
Thanks for the patch
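
The setting discussed in this report, shown through Python's `ssl` binding to OpenSSL as an added example; it is not the attached patch and not glib-openssl code. It clears the flag on constructed client and server contexts to stand in for a configuration that leaves TLS compression enabled, then disables compression on both sides as comment 3 describes. All function names are hypothetical.

```python
import ssl


def compression_disabled(ctx: ssl.SSLContext) -> bool:
    """True when the context carries OpenSSL's SSL_OP_NO_COMPRESSION."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


def disable_compression(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Set SSL_OP_NO_COMPRESSION so the context never negotiates TLS compression."""
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def make_contexts() -> dict:
    """Constructed sample: one client and one server context with the flag
    cleared, mimicking a configuration that still allows TLS compression."""
    contexts = {
        "client": ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT),
        "server": ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER),
    }
    for ctx in contexts.values():
        ctx.options &= ~ssl.OP_NO_COMPRESSION
    return contexts


def audit(contexts: dict) -> list:
    """Names of the contexts that would still offer or accept compression."""
    return [name for name, ctx in contexts.items() if not compression_disabled(ctx)]


def connection_uses_compression(tls_sock) -> bool:
    """Post-handshake check: SSLSocket.compression() is None when the
    connection is not compressed."""
    return tls_sock.compression() is not None


if __name__ == "__main__":
    contexts = make_contexts()
    print("before:", audit(contexts))
    for ctx in contexts.values():
        disable_compression(ctx)
    print("after:", audit(contexts))
```

The flag has to be set on whichever side you control; checking `compression()` on an established connection confirms what was actually negotiated with the peer.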