dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed


1 recommendation

reply to MagnusM

Re: Google disables SSL compression in Chrome against new attack

The Chromium bug entry for this is at »code.google.com/p/chromium/issue ··· d=139744 -- however, you will get a 403 forbidden when trying to view this, so this is a sure sign that it's pertaining to a security vulnerability. Normally Chromium bug entries are viewable by anyone.

I tried looking into the Firefox source code. As best I can tell, SSL compression is off in Firefox by default. Specifically, the file sslsock.c contains an array called sslOptions with this setting:

static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */

This should mean that SSL compression is not enabled by default in Firefox. I couldn't find any recent changes to this file either when checking the diffs.

Mischel Internet Security - Developer of TrojanHunter