View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004315 | unreal | ircd | public | 2014-06-08 17:30 | 2015-08-08 17:41 |
| Reporter | syzop | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | wont fix | ||
| Product Version | 3.4-alpha1 | ||||
| Summary | 0004315: SSL/TLS compression | ||||
| Description | Zip links support was removed from 3.4.x by nenolod because SSL also offers compression, and we want people to use SSL anyway. However this functionality seems currently not enabled. 1) Figure out if it's safe to enable, see CRIME attack (and maybe others) 2) Enable it for server to server links (and test) 3) Possibly & safe to enable for client<->server connections too? (check interoperability, especially with non-openssl implementations) | ||||
| 3rd party modules | |||||

We should also add ziplinks-like configuration to allow administrators to control how much or how little to compress data. I think this setting should be global, like set::ssl::compression 0-9 (9 being highest). Upon server/client negotiation, if the remote party were to specify a different compression level, the lesser compression should be used. For sanity's sake, there should be a default. I think 5 OR whatever the remote connection specifies. (Disclaimer: I don't even know if compression is in the connection negotiation and the same on both sides, or even configurable. Just throwing this out there.)

+1

Everything I read says it's enabled by default on OpenSSL already, well.. if it's enabled in the first place (OpenSSL compiled with zlib + a few other requirements). At a few sources I read - something I think as well - that OpenSSL completely ignores it on the client-side so never negotiates or tries to use it. No idea what to do about that.

Probably won't be done. Seems all the compression stuff is being phased out "for security", and what exists currently is apparently non-portable and seems hard to get it to work anyway. So.. closing.

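An added illustration, not part of the tracker thread or of UnrealIRCd's code, of the concern behind the CRIME reference in the description and the "for security" phase-out in the closing note: when a secret and text chosen by another party share one compressed stream, the length on the wire depends on the secret's content, and the TLS option that turns compression off removes that dependence. `TOKEN`, the sample lines and all function names are constructed for this example.

```python
import ssl
import zlib

# Constructed sample data (not from the tracker): TOKEN stands in for any secret
# that travels in the same compressed stream as text another party can choose.
TOKEN = b"constructed-link-secret-8842"
SECRET_LINE = b"PASS " + TOKEN + b"\r\n"
# Two equal-length lines from another party: one repeats TOKEN, one does not.
REPEATS_TOKEN = b"PRIVMSG #test :" + TOKEN + b"\r\n"
NO_REPEAT = b"PRIVMSG #test :" + bytes(range(65, 65 + len(TOKEN))) + b"\r\n"


def wire_length(secret_line, other_line, compress):
    """Bytes an on-path observer sees for both lines sent in one stream."""
    data = secret_line + other_line
    return len(zlib.compress(data, 9)) if compress else len(data)


def length_difference(secret_line, line_a, line_b, compress):
    """Observable length gap between two equal-length plaintexts."""
    if len(line_a) != len(line_b):
        raise ValueError("lines must have equal plaintext length")
    return (wire_length(secret_line, line_b, compress)
            - wire_length(secret_line, line_a, compress))


def compression_disabled(ctx):
    """True if this SSLContext refuses TLS-level compression."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


def context_without_compression():
    """Client context with TLS compression explicitly turned off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


if __name__ == "__main__":
    # With compression the gap is non-zero: length depends on secret content.
    print("compressed gap:",
          length_difference(SECRET_LINE, REPEATS_TOKEN, NO_REPEAT, True))
    # Without compression, equal-length plaintexts stay equal on the wire.
    print("uncompressed gap:",
          length_difference(SECRET_LINE, REPEATS_TOKEN, NO_REPEAT, False))
    print("TLS compression off:",
          compression_disabled(context_without_compression()))
```
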
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-06-08 17:30 | syzop | New Issue | |
| 2014-06-08 17:31 | syzop | Description Updated | |
| 2014-06-08 19:53 | Stealth | Note Added: 0018190 | |
| 2014-12-28 06:13 | katsklaw | Note Added: 0018278 | |
| 2015-05-18 13:01 | syzop | Note Added: 0018311 | |
| 2015-08-08 17:41 | syzop | Note Added: 0018638 | |
| 2015-08-08 17:41 | syzop | Status | new => closed |
| 2015-08-08 17:41 | syzop | Assigned To | => syzop |
| 2015-08-08 17:41 | syzop | Resolution | open => wont fix |