Opened 2 years ago

Closed 2 years ago

#22961 closed defect (fixed)

Should tor-spec say that nodes MUST NOT use TLS compression?

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-spec security
Cc:
Actual Points:
Parent ID: #18856
Points:
Reviewer:
Sponsor:

Description

In general, it's unsafe to compress attacker-controlled data and secret data together in the same blocks, because attackers can use compressed data size to discover the secret (as in the CRIME attack).

Discovered as part of #22948.
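
Added example (not from the ticket or the Tor source): a small Python measurement of the size side channel the description refers to, with zlib standing in for TLS-level compression. SECRET, OTHER_SECRET and the two attacker inputs are constructed sample values, and the function names are hypothetical.

```python
import zlib

# Constructed sample values for illustration; not taken from Tor or the ticket.
SECRET = b"session-key=7f3a9c1e5b2d4860a1c3e5f7092b4d6f"
OTHER_SECRET = b"session-key=00112233445566778899aabbccddeeff"
# Attacker-supplied bytes: one equal to SECRET, one unrelated, same length.
MATCHING = bytes(SECRET)
NON_MATCHING = bytes(range(0x41, 0x41 + len(SECRET)))


def shared_context_len(attacker_data, secret):
    """Unsafe: attacker data and secret share one compression context."""
    return len(zlib.compress(attacker_data + b"\n" + secret, 9))


def separate_context_len(attacker_data, secret):
    """Each input is compressed on its own, so neither can reference the other."""
    return len(zlib.compress(attacker_data, 9)) + len(zlib.compress(secret, 9))


def uncompressed_len(attacker_data, secret):
    """Compression disabled, which is what the code quoted in comment:1 enforces."""
    return len(attacker_data) + 1 + len(secret)


def guess_gap(measure, secret):
    """Size difference an observer sees between the two attacker inputs."""
    return measure(NON_MATCHING, secret) - measure(MATCHING, secret)


if __name__ == "__main__":
    for measure in (shared_context_len, separate_context_len, uncompressed_len):
        print(f"{measure.__name__:22} "
              f"gap vs SECRET={guess_gap(measure, SECRET):3d}  "
              f"gap vs OTHER_SECRET={guess_gap(measure, OTHER_SECRET):3d}")
```

With a shared context the observable size depends on how the attacker's bytes relate to the secret; with separate contexts or no compression the gap is the same whatever the secret is.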

Child Tickets

Ticket | Status | Owner | Summary | Component
#22964 | closed | teor | Clarify comment about all tor data being encrypted | Core Tor/Tor

Change History (2)

comment:1 Changed 2 years ago by yawning

Yes, because that's what the code does:

#ifdef SSL_OP_NO_COMPRESSION
  SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);
#endif
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
#ifndef OPENSSL_NO_COMP
  /* Don't actually allow compression; it uses ram and time, but the data
   * we transmit is all encrypted anyway. */
  if (result->ctx->comp_methods)
    result->ctx->comp_methods = NULL;
#endif
#endif

comment:2 Changed 2 years ago by nickm

Resolution: fixed
Status: new → closed

Done in 7411e54cd7d7f2bbb70364218a35f2b48a8ee0ed as part of #22964.
