dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2
share rss forum feed


MagnusM
Premium
join:2001-07-07

1 recommendation

reply to MagnusM

Re: Google disables SSL compression in Chrome against new attack

The Chromium bug entry for this is at »code.google.com/p/chromium/issue···d=139744 -- however, you will get a 403 forbidden when trying to view this, so this is a sure sign that it's pertaining to a security vulnerability. Normally Chromium bug entries are viewable by anyone.

I tried looking into the Firefox source code. As best I can tell, SSL compression is off in Firefox by default. Specifically, the file sslsock.c contains an array called sslOptions with this setting:


static sslOptions ssl_defaults = {
...
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */


This should mean that SSL compression is not enabled by default in Firefox. I couldn't find any recent changes to this file either when checking the diffs.

--
Mischel Internet Security - Developer of TrojanHunter