DEFLATE compression can reveal presence of known substrings with potentially sensitive contents.
Probably the best explanation so far: http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914#19914 --- config.c | 12 +++++++++++- pound.8 | 8 ++++++++ 2 files changed, 19 insertions(+), 1 deletions(-) diff --git a/config.c b/config.c index 6ed8e39..01e3023 100755 --- a/config.c +++ b/config.c @@ -78,7 +78,7 @@ static regex_t ListenHTTP, ListenHTTPS, End, Address, Port, Cert, xHTTP, Client static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination; static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; -static regex_t ClientCert, AddHeader, DisableSSLv2, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers; +static regex_t ClientCert, AddHeader, DisableSSLv2, SSLAllowClientRenegotiation, SSLHonorCipherOrder, SSLNoCompression, Ciphers; static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert; static regex_t Disabled, Threads, CNName, Anonymise; @@ -1123,6 +1123,14 @@ parse_HTTPS(void) ssl_op_disable |= SSL_OP_CIPHER_SERVER_PREFERENCE; ssl_op_enable &= ~SSL_OP_CIPHER_SERVER_PREFERENCE; } + } else if(!regexec(&SSLNoCompression, lin, 4, matches, 0)) { + if (atoi(lin + matches[1].rm_so)) { + ssl_op_enable |= SSL_OP_NO_COMPRESSION; + ssl_op_disable &= ~SSL_OP_NO_COMPRESSION; + } else { + ssl_op_disable |= SSL_OP_NO_COMPRESSION; + ssl_op_enable &= ~SSL_OP_NO_COMPRESSION; + } } else if(!regexec(&Ciphers, lin, 4, matches, 0)) { has_other = 1; if(res->ctx == NULL) @@ -1409,6 +1417,7 @@ config_parse(const int argc, char **const argv) || regcomp(&SSLAllowClientRenegotiation, "^[ \t]*SSLAllowClientRenegotiation[ \t]+([012])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&DisableSSLv2, "^[ \t]*DisableSSLv2[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&SSLHonorCipherOrder, "^[ \t]*SSLHonorCipherOrder[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) + || regcomp(&SSLNoCompression, "^[ \t]*SSLNoCompression[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&Ciphers, "^[ \t]*Ciphers[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&CAlist, "^[ \t]*CAlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&VerifyList, "^[ \t]*VerifyList[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) @@ -1571,6 +1580,7 @@ config_parse(const int argc, char **const argv) regfree(&SSLAllowClientRenegotiation); regfree(&DisableSSLv2); regfree(&SSLHonorCipherOrder); + regfree(&SSLNoCompression); regfree(&Ciphers); regfree(&CAlist); regfree(&VerifyList); diff --git a/pound.8 b/pound.8 index 4c29c2c..4e129ec 100755 --- a/pound.8 +++ b/pound.8 @@ -519,6 +519,14 @@ renegotiation is supported. If the value is 2, insecure renegotiation is suppor with unpatched clients. \fBThis can lead to a DoS and a Man in the Middle attack!\fR The default value is 0. .TP +\fBSSLNoCompression\fR 0|1 +If this value is 1, the server will disable DEFLATE compression even if both server +and client supports it. In case compression is enabled an attacker with access to +encrypted network traffic can conduct a "CRIME" attack by making client issue requests +with specific character sequences and observing whether they got compressed or not, +indicating their presence in part of the request that is not under his control (e.g. +cookie headers). Default value is 0. +.TP \fBCAlist\fR "CAcert_file" Set the list of "trusted" CA's for this server. The CAcert_file is a file containing a sequence of CA certificates (PEM format). The names of the defined CA certificates -- 1.7.1 -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
