On 24/08/18 12:11, Arne Schwabe wrote:
Hey,
with this mail I would like to discuss the way forward for compression.
<s>
Our default configuration has not compression enabled. So our default
configuration is safe from Voracle.
<s>
I would like to have some feedback what the rest of you thinks
This could be improved..
https://github.com/OpenVPN/openvpn/blob/a6fd48ba36ede465b0905a95568c3ec0d425ca71/sample/sample-config-files/server.conf#L254
eg:
# WARNING: Enabling compression has known attacks, see VORACLE
# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"
# This is the recommended configuration
;compress stub
;push "compress stub"
# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# This is the recommended configuration
;comp-lzo no
;push "comp-lzo no"
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel