the "crime" attack on TLS

Tim Ruehsen tim.ruehsen at
Thu Sep 13 13:49:34 CEST 2012

Am Thursday 13 September 2012 schrieb Nikos Mavrogiannopoulos:
> * How to mitigate the attack?
> 1. Do not enable compression (gnutls' doesn't enable it by default)
> 2. When using compression use the CBC ciphers that include a random
> padding up to 255 bytes. That would increase the number of trials an
> attacker needs to perform significantly.
> 3. Make sure that even if you must mix adversary-controlled data with
> sensitive data, that the adversary cannot trigger that multiple times.

Thank you for the information.

OpenSSL doesn't enable compression by default either.

Wget seems to be clean with GnuTLS and OpenSSL - compression is not enabled 
with GnuTLS nor with OpenSSL.

Regards, Tim

More information about the Gnutls-devel mailing list