----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://git.reviewboard.kde.org/r/109561/#review29801 -----------------------------------------------------------
This review has been submitted with commit 133a2f0aadd7d673cf066528b3cdece919e3551c by Dawit Alemayehu to branch KDE/4.10. - Commit Hook On March 18, 2013, 4:09 a.m., Dawit Alemayehu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > http://git.reviewboard.kde.org/r/109561/ > ----------------------------------------------------------- > > (Updated March 18, 2013, 4:09 a.m.) > > > Review request for kdelibs. > > > Description > ------- > > This patch disables SSL compression support in KIO::TCPSlaveBase to prevent > "CRIME" based SSL attacks. This attack is a type of "man in the middle" > attack that only works when both client and server support SSL compression. > The same researchers have just recently devised a new technique based on > "CRIME" dubbed "TIME", but the mitigation for that one seems to be practicing > better security on the server side. > > > Diffs > ----- > > kio/kio/tcpslavebase.cpp 85f0a59 > > Diff: http://git.reviewboard.kde.org/r/109561/diff/ > > > Testing > ------- > > > Thanks, > > Dawit Alemayehu > >
