Opened 3 years ago

Closed 3 years ago

#22961 closed defect (fixed)

Should tor-spec say that nodes MUST NOT use TLS compression?

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-spec security
Cc:
Actual Points:
Parent ID: #18856
Points:
Reviewer:
Sponsor:


In general, it's unsafe to compress attacker-controlled data and secret data together in the same blocks, because attackers can use compressed data size to discover the secret (as in the CRIME attack).

Discovered as part of #22948.
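
The length leak the description refers to can be measured directly. The following is an added example, not part of the ticket or of Tor's code: it uses Python's zlib, constructed sample values and hypothetical helper names, and assumes the observer sees a ciphertext length that tracks the compressed length.

```python
import zlib

# Constructed sample data: not taken from Tor or from the ticket.
SECRET = b"Cookie: session=7f3a9c1e5b2d4086\r\n"
MATCH = b"Cookie: session=7f3a9c1e5b2d4086\r\n"  # attacker data equal to the secret
MISS = b"Cookie: session=0d41c6e2a98b5f37\r\n"   # same length, different value


def shared_context(secret: bytes, attacker: bytes) -> int:
    """Wire length when both inputs go through one compression context."""
    return len(zlib.compress(secret + attacker))


def separate_blocks(secret: bytes, attacker: bytes) -> int:
    """Wire length when each input is compressed in its own context."""
    return len(zlib.compress(secret)) + len(zlib.compress(attacker))


def no_compression(secret: bytes, attacker: bytes) -> int:
    """Wire length with compression disabled (the SSL_OP_NO_COMPRESSION case)."""
    return len(secret) + len(attacker)


def length_signal(mode, secret: bytes = SECRET) -> int:
    """Bytes by which the observed length separates MISS from MATCH, after
    removing what each attacker input costs when no secret is present.
    Zero means the length says nothing about the secret."""
    def marginal(attacker: bytes) -> int:
        return mode(secret, attacker) - mode(b"", attacker)
    return marginal(MISS) - marginal(MATCH)


if __name__ == "__main__":
    for mode in (shared_context, separate_blocks, no_compression):
        print(f"{mode.__name__:16s} signal = {length_signal(mode)} bytes")
```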

Child Tickets

#22964 | closed | teor | Clarify comment about all tor data being encrypted | Core Tor/Tor

Change History (2)

comment:1 Changed 3 years ago by yawning

Yes, because that's what the code does:

  SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);
  /* Don't actually allow compression; it uses ram and time, but the data
   * we transmit is all encrypted anyway. */
  if (result->ctx->comp_methods)
    result->ctx->comp_methods = NULL;

comment:2 Changed 3 years ago by nickm

Resolution: fixed
Status: new → closed

Done in 7411e54cd7d7f2bbb70364218a35f2b48a8ee0ed as part of #22964.
