[Ach] disabling comp-lzo in OpenVPN config
L. Aaron Kaplan
kaplan at cert.at
Tue Aug 21 22:52:50 CEST 2018
Hi *,
I'd like to suggest disabling comp-lzo in our sample config for OpenVPN.
(https://github.com/BetterCrypto/Applied-Crypto-Hardening/blob/master/src/configuration/VPNs/OpenVPN/server.conf)
Here is the reason:
https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/
And:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16919.html
Any objections?
Best,
a.
--
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, Salzburg Regional Court
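
Added example, not part of the original mail or of the BetterCrypto repository: a small audit that lists the directives in an OpenVPN config that switch compression on, including ones pushed to clients. The function name and the sample config are constructed for illustration; the directive semantics (bare comp-lzo means adaptive, "comp-lzo no" and "compress stub" keep only the framing) are taken from the OpenVPN 2.4 manual.

```python
import shlex

# Constructed sample: a server.conf fragment, not the BetterCrypto file itself.
SAMPLE_CONF = """\
# constructed sample config
port 1194
proto udp
;comp-lzo yes
comp-lzo
push "comp-lzo adaptive"
compress stub-v2
cipher AES-256-GCM   # trailing comment
"""

# Arguments that leave compression off (framing only), per the OpenVPN 2.4 manual.
NON_COMPRESSING = {"comp-lzo": {"no"}, "compress": {"", "stub", "stub-v2"}}


def compression_findings(conf_text):
    """Return (line_no, directive, pushed) for each directive that enables compression."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped[0] in "#;":
            continue  # blank line or commented-out directive
        try:
            tokens = shlex.split(stripped, comments=True)
        except ValueError:
            continue  # unbalanced quotes; not a line this audit can judge
        pushed = False
        if tokens and tokens[0] == "push" and len(tokens) > 1:
            # push "comp-lzo yes" hands the option to every connecting client
            tokens = tokens[1].split()
            pushed = True
        if not tokens or tokens[0] not in NON_COMPRESSING:
            continue
        arg = tokens[1] if len(tokens) > 1 else ""
        if tokens[0] == "comp-lzo" and arg == "":
            arg = "adaptive"  # bare comp-lzo defaults to adaptive mode
        if arg not in NON_COMPRESSING[tokens[0]]:
            findings.append((line_no, f"{tokens[0]} {arg}", pushed))
    return findings


if __name__ == "__main__":
    for line_no, directive, pushed in compression_findings(SAMPLE_CONF):
        origin = "pushed to clients" if pushed else "local"
        print(f"line {line_no}: {directive} ({origin})")
```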