This repository has been archived by the owner. It is now read-only.

compression and TLS #1523

Closed
Dededede4 opened this Issue Aug 13, 2011 · 7 comments

Dededede4 commented Aug 13, 2011

Hello,
I have another little question about the TLS module.
Is it possible to enable compression?

Thank you!

pquerna commented Aug 13, 2011

Currently node.js disables all compression, as seen here:

https://github.com/joyent/node/blob/master/src/node_crypto.cc#L3873-3893

This is done globally, on startup, because for most node.js use cases, using >512kb of ram for each tls connection is bad -- there currently isn't a good way to disable it per-connection, especially with older versions of openssl that are quite common.

Dededede4 closed this Aug 13, 2011

skepticfx commented Dec 14, 2013

There are good use cases when we want TLS compression enabled. Any good alternatives would be much appreciated.

Member

indutny commented Dec 14, 2013

No, there're no really good use cases for it. Compression in TLS is really flawed since it can't check if underlying content is already compressed, or if it is "compressible" at all. It is widely accepted that compression should be done at the application level instead of the protocol level.

andytson commented Dec 29, 2013

I'd also add that TLS compression also adds CRIME vulnerability. http://en.wikipedia.org/wiki/CRIME_(security_exploit). Glad Node didn't already use it.

skepticfx commented Dec 29, 2013

@andytson Absolutely, #6709

I wanted TLS Compression enabled for testing some CRIME related stuff. Probably, that was a bad call. I'm glad, @indutny made https://github.com/indutny/tls.js , which solves my problem in a way

Member

indutny commented Dec 29, 2013

Does it? :)

skepticfx commented Dec 29, 2013

Well, I wanted a way to send and receive client hellos and server hellos with TLS compression enabled. The parser and framer in tls.js can be used to do what I want. There are a few hiccups here and there, will file about them in its issue list.
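
Added example, not part of the thread and not tls.js code: a minimal ClientHello parser that reports the `compression_methods` a client offers, which is the field the last comment is about and the one to audit when checking that TLS compression stays off. All function names and the sample bytes are constructed for illustration; it assumes the whole ClientHello fits in a single TLS record.

```javascript
// Added example. All names and the sample bytes are constructed for illustration.
// TLS compression method IDs: 0 = null, 1 = DEFLATE (RFC 3749), 64 = LZS (RFC 3943).
const COMPRESSION_NAMES = { 0: 'null', 1: 'DEFLATE', 64: 'LZS' };

// Build a minimal TLS 1.2 ClientHello record offering the given compression methods.
function buildSampleHello(methods) {
  const body = Buffer.concat([
    Buffer.from([0x03, 0x03]), Buffer.alloc(32), // client_version, zeroed random
    Buffer.from([0x00]),                         // empty session_id
    Buffer.from([0x00, 0x02, 0x00, 0x2f]),       // cipher_suites: one entry
    Buffer.from([methods.length, ...methods]),   // compression_methods
  ]);
  const hs = Buffer.concat([
    Buffer.from([0x01, 0x00, body.length >> 8, body.length & 0xff]), body]);
  return Buffer.concat([
    Buffer.from([0x16, 0x03, 0x01, hs.length >> 8, hs.length & 0xff]), hs]);
}

// Walk the ClientHello up to compression_methods, bounds-checking every length.
function parseClientHelloCompression(buf) {
  let off = 0;
  const take = (n) => {
    if (off + n > buf.length) throw new RangeError('truncated ClientHello');
    const start = off;
    off += n;
    return start;
  };
  if (buf[take(1)] !== 0x16) throw new Error('not a handshake record');
  take(4);                                  // record version + record length
  if (buf[take(1)] !== 0x01) throw new Error('not a ClientHello');
  take(3);                                  // handshake length
  take(2 + 32);                             // client_version + random
  take(buf[take(1)]);                       // session_id
  take(buf.readUInt16BE(take(2)));          // cipher_suites
  const cmLen = buf[take(1)];
  const start = take(cmLen);
  return Array.from(buf.subarray(start, start + cmLen),
    (id) => ({ id, name: COMPRESSION_NAMES[id] || 'unknown' }));
}

// True when anything other than the null method is offered, which is a
// precondition for TLS compression being negotiated at all.
function offersCompression(buf) {
  return parseClientHelloCompression(buf).some((m) => m.id !== 0);
}

console.log(parseClientHelloCompression(buildSampleHello([1, 0])));
console.log(offersCompression(buildSampleHello([0])));
```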
