On 24/08/18 12:11, Arne Schwabe wrote:
Hey,

with this mail I would like to discuss the way forward for compression.


<s>


Our default configuration has not compression enabled. So our default
configuration is safe from Voracle.

<s>


I would like to have some feedback what the rest of you thinks


This could be improved..

https://github.com/OpenVPN/openvpn/blob/a6fd48ba36ede465b0905a95568c3ec0d425ca71/sample/sample-config-files/server.conf#L254

eg:

# WARNING: Enabling compression has known attacks, see VORACLE

# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"

# This is the recommended configuration
;compress stub
;push "compress stub"

# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo

# This is the recommended configuration
;comp-lzo no
;push "comp-lzo no"



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to