Review Request 109561: Disable SSL compression support in TCPSlaveBase
Dawit Alemayehu
adawit at kde.org
Mon Mar 18 04:09:26 GMT 2013
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/109561/
-----------------------------------------------------------
Review request for kdelibs.
Description
-------
This patch disables SSL compression support in KIO::TCPSlaveBase to prevent "CRIME"-based SSL attacks. This attack is a type of "man in the middle" attack that only works when both client and server support SSL compression. The same researchers have just recently devised a new technique based on "CRIME" dubbed "TIME", but the mitigation for that one seems to be practicing better security on the server side.
Diffs
-----
kio/kio/tcpslavebase.cpp 85f0a59
Diff: http://git.reviewboard.kde.org/r/109561/diff/
Testing
-------
Thanks,
Dawit Alemayehu
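
Why turning compression off is the mitigation, as an added example that is not part of the original e-mail or of the kdelibs patch: it measures the record length an on-path observer would see, with and without compression, when a secret header shares a record with bytes another party can influence. Assumptions: `zlib` stands in for TLS-level DEFLATE compression, and the header, host and input values are constructed samples.

```python
import zlib

# Constructed sample values; not taken from any real session.
SECRET_HEADER = b"Cookie: session=7f3a9c2e41d8b6a0\r\n"
MATCHING = b"session=7f3a9c2e41d8b6a0"   # repeats the secret header's value
OTHER = b"qzjxkvwpbgymfhdu5819Q0ZX"      # same length, no overlap with it


def record_length(injected: bytes, compress: bool) -> int:
    """Size of the plaintext record before encryption.

    Encryption hides the content of a record but not its length, so this
    number is what an observer on the network path can still see.
    """
    plaintext = (
        b"GET /" + injected + b" HTTP/1.1\r\n"
        b"Host: example.test\r\n" + SECRET_HEADER + b"\r\n"
    )
    if compress:
        # DEFLATE replaces a repeated substring with a short back-reference,
        # so input that repeats the secret makes the record smaller.
        return len(zlib.compress(plaintext, 9))
    return len(plaintext)


def length_signal(matching: bytes, other: bytes, compress: bool) -> int:
    """Bytes saved when the influenced input repeats the secret."""
    if len(matching) != len(other):
        raise ValueError("inputs must have equal length for a fair comparison")
    return record_length(other, compress) - record_length(matching, compress)


if __name__ == "__main__":
    for compress in (True, False):
        signal = length_signal(MATCHING, OTHER, compress)
        print(f"compression={compress}: length difference = {signal} bytes")
```

With compression the two records differ in size; without it the difference is zero, which is the property the client gains by refusing to negotiate compression.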