the "crime" attack on TLS
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Sep 15 12:11:16 CEST 2012
On 09/15/2012 02:30 AM, Phil Pennock wrote:
> But yes, OpenSSL has the BIO abstraction, GnuTLS just provides
> gnutls_record_send() and friends. I know what you mean here, but where
> in OpenSSL you can use BIO_flush(), in GnuTLS, you could have a similar
> flush call; or a call which sets a flag in gnutls_session_t which will
> be cleared with the next send, to coerce the change: on next send,
> Z_FINISH the current compression block and start a new one. It's that,
> or add gnutls_record_send_flagged() which takes a 4th parameter.
Is any advantage in having such a fine-tuning? I think a simpler
approach of allowing either stateless compression with FULL_FLUSH, and
another option that allows SYNC_FLUSH would be sufficient for most uses.
>> It's operation is
>> comparable to unix sockets. You provide data for sending in each
>> record. That data is then compressed. I'm thinking whether it makes
>> sense to use Z_FULL_FLUSH on each record boundary, or drop compression
>> altogether.
>
> Given the size of a record, a full flush on every send would probably
> work out larger than no compression for most workloads, surely? You
> still need to send the Huffman tree as overhead.
A preliminary test with the Z_FULL_FLUSH option doesn't show a much
larger overhead (packets are typically few bytes larger).
regards,
Nikos
More information about the Gnutls-devel
mailing list