the "crime" attack on TLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Sep 15 12:11:16 CEST 2012


On 09/15/2012 02:30 AM, Phil Pennock wrote:


> But yes, OpenSSL has the BIO abstraction, GnuTLS just provides
> gnutls_record_send() and friends.  I know what you mean here, but where
> in OpenSSL you can use BIO_flush(), in GnuTLS, you could have a similar
> flush call; or a call which sets a flag in gnutls_session_t which will
> be cleared with the next send, to coerce the change: on next send,
> Z_FINISH the current compression block and start a new one.  It's that,
> or add gnutls_record_send_flagged() which takes a 4th parameter.


Is any advantage in having such a fine-tuning? I think a simpler
approach of allowing either stateless compression with FULL_FLUSH, and
another option that allows SYNC_FLUSH would be sufficient for most uses.

>>                                                It's operation is
>> comparable to unix sockets. You provide data for sending in each
>> record. That data is then compressed. I'm thinking whether it makes
>> sense to use Z_FULL_FLUSH on each record boundary, or drop compression
>> altogether.
> 
> Given the size of a record, a full flush on every send would probably
> work out larger than no compression for most workloads, surely?  You
> still need to send the Huffman tree as overhead.


A preliminary test with the Z_FULL_FLUSH option doesn't show a much
larger overhead (packets are typically few bytes larger).

regards,
Nikos




More information about the Gnutls-help mailing list