Disabling SSL Compression might prevent an SSL CRIME attack.

1 parent 2e48005 commit 97e24f061fc527f9aaf86aa5c97072b990d5912a @skinkie skinkie committed Nov 29, 2012
Showing with 2 additions and 2 deletions.
  1. +1 −1 admin/PageVServer.py
  2. +1 −1 cherokee/virtual_server.c
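--- a/admin/PageVServer.py
+++ b/admin/PageVServer.py
@@ -47,7 +47,7 @@
 NOTE_CA_LIST = N_('File containing the trusted CA certificates, utilized for checking the client certificates (Full path to the file)')
 NOTE_CIPHERS = N_('Ciphers that TLS/SSL is allowed to use. <a target="_blank" href="http://www.openssl.org/docs/apps/ciphers.html">Reference</a>. (Default: HIGH:!aNULL:!MD5).')
 NOTE_CIPHER_SERVER_PREFERENCE = N_('The cipher sequence that is specified by the server should have preference over the preference of the client. (Default: False).')
-NOTE_COMPRESSION = N_('Explicitly enable or disable serverside compression support. (Default: True).')
+NOTE_COMPRESSION = N_('Explicitly enable or disable serverside compression support. (Default: Disabled).')
 NOTE_CLIENT_CERTS = N_('Skip, Accept or Require client certificates.')
 NOTE_VERIFY_DEPTH = N_('Limit up to which depth certificates in a chain are used during the verification procedure (Default: 1)')
 NOTE_ERROR_HANDLER = N_('Allows the selection of how to generate the error responses.')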
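Review bot: The new help text says "(Default: Disabled)" while the neighbouring boolean note on the line above says "(Default: False)", and the old text said "(Default: True)"; the admin UI reads more consistently if the same vocabulary is used for every boolean option. The note also gives the administrator no reason not to flip the switch back on, which is the whole point of this commit. I would write `NOTE_COMPRESSION = N_('Explicitly enable or disable serverside TLS compression. Enabling it exposes TLS sessions to compression side-channel attacks such as CRIME. (Default: False).')`, which keeps the note to one line and the option's meaning unchanged.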
@@ -70,7 +70,7 @@ cherokee_virtual_server_new (cherokee_virtual_server_t **vserver, void *server)
n->hsts.max_age = 365 * 24 * 60 * 60;
n->cipher_server_preference = false;
- n->ssl_compression = true;
+ n->ssl_compression = false; /* This might prevent a SSL CRIME attack */
/* Virtual entries
*/
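Review bot: The flipped default on the `n->ssl_compression = false;` line only helps if the TLS backend actually maps a false value to disabling compression on the context (with OpenSSL that is `SSL_OP_NO_COMPRESSION`, available from 1.0.0); that code is not in this hunk, so it should be checked rather than assumed, and any existing configuration that sets the option explicitly keeps its old value regardless of this default. The comment "might prevent" undersells a well-understood attack; I would make it concrete: `n->ssl_compression = false; /* Off by default: TLS-level compression leaks plaintext via CRIME (CVE-2012-4929). The TLS backend must honour false by disabling compression on the SSL context. */`. Note that this covers TLS compression only; HTTP body compression of responses that mix attacker-controlled input with secrets is a separate concern not addressed here. cherokee_virtual_server_new continues outside the hunk, so I cannot see whether the value is consumed elsewhere in the constructor.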
