[Icecast-dev] Proposed openSSL usage improvements
"Thomas B. Rücker"
thomas at ruecker.fi
Sun Nov 9 22:03:52 PST 2014
On 11/09/2014 10:52 PM, Roger Hågensen wrote:
> On 2014-11-09 12:37, "Thomas B. Rücker" wrote:
>> On 11/02/2014 05:56 PM, "Thomas B. Rücker" wrote:
>>> - hard disable compression
> I assume this is only header compression (where the vulnerability was)
> and not content compression?
It's only about SSL/TLS layer data compression, as this is about how we
use openSSL.
https://trac.xiph.org/changeset/19263
Note that Icecast never supported HTTP level, content-encoding based,
compression. Given that 99.9% of the bandwidth probably goes to things
with very high entropy, it wouldn't make much sense either.
Coincidentally that makes us safe from BREACH too, not just SSL/TLS
level CRIME attacks.
Cheers
Thomas
More information about the Icecast-dev
mailing list