TLS compression is insecure (CRIME attack), so ntbtls should drop support for it.
Description
Description
Details
Details
- External Link
- https://en.wikipedia.org/wiki/CRIME
Event Timeline
Comment Actions
ntbltls does not implement compression:
/* ret = deflate (&ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH); */ ret = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
;-)