----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://git.reviewboard.kde.org/r/109561/ -----------------------------------------------------------
Review request for kdelibs. Description ------- This patch disables SSL compression support in KIO::TCPSlaveBase to prevent "CRIME" based SSL attacks. This attack is a type of "man in the middle" attack that only works when both client and server support SSL compression. The same researchers have just recently devised a new technique based on "CRIME" dubbed "TIME", but the mitigation for that one seems to be practicing better security on the server side. Diffs ----- kio/kio/tcpslavebase.cpp 85f0a59 Diff: http://git.reviewboard.kde.org/r/109561/diff/ Testing ------- Thanks, Dawit Alemayehu
