Review Request 109561: Disable SSL compression support in TCPSlaveBase
Commit Hook
null at kde.org
Sun Mar 24 15:05:32 GMT 2013
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/109561/#review29801
-----------------------------------------------------------
This review has been submitted with commit 133a2f0aadd7d673cf066528b3cdece919e3551c by Dawit Alemayehu to branch KDE/4.10.
- Commit Hook
On March 18, 2013, 4:09 a.m., Dawit Alemayehu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/109561/
> -----------------------------------------------------------
>
> (Updated March 18, 2013, 4:09 a.m.)
>
>
> Review request for kdelibs.
>
>
> Description
> -------
>
> This patch disables SSL compression support in KIO::TCPSlaveBase to prevent "CRIME" based SSL attacks. This attack is a type of "man in the middle" attack that only works when both client and server support SSL compression. The same researchers have just recently devised a new technique based on "CRIME" dubbed "TIME", but the mitigation for that one seems to be practicing better security on the server side.
>
>
> Diffs
> -----
>
> kio/kio/tcpslavebase.cpp 85f0a59
>
> Diff: http://git.reviewboard.kde.org/r/109561/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Dawit Alemayehu
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20130324/bd71fe74/attachment.htm>
More information about the kde-core-devel
mailing list