On Sat, Oct 10, 2020 at 15:01 Antony Stone < antony.st...@apache.open.source.it> wrote: > On Saturday 10 October 2020 at 20:23:46, Tom Browder wrote: ...
> > > I've been looking at ways to speed up my web services using > > https://webpagetest.org for analysis. One thing I've been reading about is > > using mod_deflate to compress certain files but keep seeing the warnings > > Which warnings? Where? ... > > > about using compression with https due to certain known threats. > > What threats? ... > Can you point us at any document about what this "issue" is, so that we know > what "threat" you're concerned about? Well it started with the docs for 2.4 and mod_deflate. Therein is this, quote: =====> Compression and TLS Some web applications are vulnerable to an information disclosure attack when a TLS connection carries deflate compressed data. For more information, review the details of the "BREACH" family of attacks. <===== End quote. I searched for the doc reference "BREACH" + "attack" and got several hits such as: TLSv1.3 has a post-handshake problem And an excerpt from it, quote: =====> CRIME and TIME CRIME (Compression Ratio Info-leak Made Easy) is a cross-layer protocol attack that includes a compression side-channel attack against HTTPS. It leverages information leaked by TLS compression on messages sent from the client to the server. CRIME can recover targeted parts of the plaintext given a MiTM access. In March 2013 at the Black Hat (EU), Tal Be’ery presented an extension of CRIME named TIME. It debuted two new enhancements: it used CRIME for server-to-client messages and did not require a MiTM situation by exploiting TCP window sizes. The first of these two modifications gave rise to BREACH (see further down). THE FIX: CRIME is ineffective against TLS 1.3 because TLS 1.3 disables TLS-level compression. To verify if a server is vulnerable to CRIME on port 443: openssl s_client -connect domainname.com:443 In the output of this command, look for TLS compression; if enabled, the server is vulnerable to CRIME. <===== End quote. When I last serious upgrades to my servers last July one problem with using TLS 1.3 was that the Firefox browser couldn't use it as because of post-handshake problems. So I'm currently running TLSv1.2. Best, -Tom
