Re: [TLS] A question to implementors about compression

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 08 April 2015 16:54 UTC

Date: Wed, 08 Apr 2015 16:54:11 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150408165411.GT17637@mournblade.imrryr.org>
References: <2dbc5ad134f544619db764781a8bb249@ustx2ex-dag1mb2.msg.corp.akamai.com> <CABkgnnXp8UzdNo+JQSyJY+U6wo=-tCFMcopn=N9XwNi_k0DYKQ@mail.gmail.com> <mg2fmj$b07$1@ger.gmane.org> <CABkgnnX2ZHdqN2Dwp-VfzjCb5S4zurugjE3fzZyJ7GheqeCAvQ@mail.gmail.com>
In-Reply-To: <CABkgnnX2ZHdqN2Dwp-VfzjCb5S4zurugjE3fzZyJ7GheqeCAvQ@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-UCPIM9veCupc-Yc3G4bxHoyBqQ>

On Wed, Apr 08, 2015 at 09:46:46AM -0700, Martin Thomson wrote:

> Are you suggesting that LibreSSL/OpenSSL prior to the removal would
> fail to properly negotiate the absence of compression?  I'm fairly
> sure we'd know if that was the case.

That's not the case.  OpenSSL interoperates whether compression is
disabled at compile time, run-time or not enabled by the peer.

Disabling it at compile time or even excising the underlying code
reduces the attack surface and the effort to support the code.

If some applications insist on negotiating compression, then of
course they are free to abort connections that don't negotiate
compression.

-- 
	Viktor.
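As an added illustration of the two points in this reply (an OpenSSL-based application can switch compression off at run time, and the peer's choice is visible in the negotiation itself), here is example code that is not part of the thread or of OpenSSL: it builds a Python `ssl` context with OpenSSL's `SSL_OP_NO_COMPRESSION` and parses the `compression_method` byte out of a TLS 1.2 ServerHello record. The ServerHello bytes are constructed inline for the demonstration.

```python
import ssl
import struct

def context_without_compression() -> ssl.SSLContext:
    """Run-time disable: this context never offers or accepts compression,
    regardless of whether the underlying OpenSSL was built with zlib."""
    ctx = ssl.create_default_context()
    ctx.options |= ssl.OP_NO_COMPRESSION   # maps to OpenSSL's SSL_OP_NO_COMPRESSION
    return ctx

def compression_disabled(ctx: ssl.SSLContext) -> bool:
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)

def server_hello_compression_method(record: bytes) -> int:
    """Return the compression_method byte of a ServerHello (RFC 5246 7.4.1.3).
    `record` is one complete TLS record: 5-byte record header, 4-byte
    handshake header, then the ServerHello body. 0 means the null method;
    in TLS 1.3 this field is legacy_compression_method and must be 0."""
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:                       # 22 = handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    if hs_type != 2:                             # 2 = server_hello
        raise ValueError("not a ServerHello")
    hello = body[4:4 + hs_len]
    # server_version(2) random(32) session_id<0..32> cipher_suite(2) compression_method(1)
    sid_len = hello[34]
    offset = 35 + sid_len                        # start of cipher_suite
    return hello[offset + 2]

def peer_negotiated_compression(record: bytes) -> bool:
    """Policy hook for an application that wants to refuse compressed sessions."""
    return server_hello_compression_method(record) != 0

def build_server_hello(compression_method: int) -> bytes:
    """Constructed sample: TLS 1.2 ServerHello, empty session id, fixed random,
    cipher suite 0xC02F (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)."""
    hello = (b"\x03\x03" + b"\x11" * 32 + b"\x00"
             + b"\xc0\x2f" + bytes([compression_method]))
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    print("context disables compression:", compression_disabled(context_without_compression()))
    print("sample ServerHello compression_method:",
          server_hello_compression_method(build_server_hello(0)))
```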