Review Request 109561: Disable SSL compression support in TCPSlaveBase

Commit Hook null at kde.org
Sun Mar 24 15:05:35 GMT 2013


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/109561/
-----------------------------------------------------------

(Updated March 24, 2013, 3:05 p.m.)


Status
------

This change has been marked as submitted.


Review request for kdelibs.


Description
-------

This patch disables SSL compression support in KIO::TCPSlaveBase to prevent "CRIME" based SSL attacks. This attack is a type of "man in the middle" attack that only works when both client and server support SSL compression. The same researchers have just recently devised a new technique based on "CRIME" dubbed "TIME", but the mitigation for that one seems to be practicing better security on the server side.


Diffs
-----

  kio/kio/tcpslavebase.cpp 85f0a59 

Diff: http://git.reviewboard.kde.org/r/109561/diff/


Testing
-------


Thanks,

Dawit Alemayehu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20130324/4b6c3d78/attachment.htm>


More information about the kde-core-devel mailing list