Review Request 109561: Disable SSL compression support in TCPSlaveBase
Commit Hook
null at kde.org
Sun Mar 24 15:05:35 GMT 2013
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/109561/
-----------------------------------------------------------
(Updated March 24, 2013, 3:05 p.m.)
Status
------
This change has been marked as submitted.
Review request for kdelibs.
Description
-------
This patch disables SSL compression support in KIO::TCPSlaveBase to prevent "CRIME" based SSL attacks. This attack is a type of "man in the middle" attack that only works when both client and server support SSL compression. The same researchers have just recently devised a new technique based on "CRIME" dubbed "TIME", but the mitigation for that one seems to be practicing better security on the server side.
Diffs
-----
kio/kio/tcpslavebase.cpp 85f0a59
Diff: http://git.reviewboard.kde.org/r/109561/diff/
Testing
-------
Thanks,
Dawit Alemayehu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20130324/4b6c3d78/attachment.htm>
More information about the kde-core-devel
mailing list