[Icecast-dev] Proposed openSSL usage improvements

"Thomas B. Rücker" thomas at ruecker.fi
Sun Nov 9 22:03:52 PST 2014

On 11/09/2014 10:52 PM, Roger Hågensen wrote:
> On 2014-11-09 12:37, "Thomas B. Rücker" wrote:
>> On 11/02/2014 05:56 PM, "Thomas B. Rücker" wrote:
>>>   - hard disable compression
> I assume this is only header compression (where the vulnerability was) 
> and not content compression?

It's only about SSL/TLS layer data compression, as this is about how we
use openSSL.

Note that Icecast never supported HTTP level, content-encoding based,
compression. Given that 99.9% of the bandwidth probably goes to things
with very high entropy, it wouldn't make much sense either.
Coincidentally that makes us safe from BREACH too, not just SSL/TLS
level CRIME attacks.



More information about the Icecast-dev mailing list