I've read CRIME - How to beat the BEAST successor? and a few articles on the subject (linked below) and found no recommendations for system administrators.

As a web host, should I disable SSL compression because of CRIME?

ThreatPost: New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions

ArsTechnica: Crack in Internet's foundation of trust allows HTTPS session hijacking

Daniel Serodio

2 Answers

Yes, you probably should disable TLS compression on the web server, if you use SSL on a highly security-sensitive site.

For most of your user base, this is not strictly necessary. Turning off TLS compression in the web server is useful only to protect the small fraction of users who are running older, vulnerable browsers. The only browsers that ever supported TLS compression were Firefox and Chrome. IE, Safari, and Opera have never supported it. Firefox and Chrome have disabled TLS compression in their latest versions. Both of them use automatic updates, so the majority of users will upgrade to patched versions very soon. Therefore, most users will already be protected, even if you do nothing.

However, there may be some users still using older browser versions that support TLS compression, and thus are vulnerable. For instance, Ivan Ristić estimates that (as of September 2012) about 7% of visitors to his web site are using an older browser that supports TLS compression and is vulnerable to CRIME. I expect this number may decrease over time. Nonetheless, there is probably some benefit to turning off TLS compression in your server: it helps protect those users against the CRIME attack.

My thanks to Andrey Botalov for the reference to Ivan Ristić's estimates about the prevalence of vulnerable browsers.

For details on how to disable SSL compression on your web server, see this blog post from iSEC Partners.

D.W.
  • Info on a and b: [CRIME: Information leakage attack against SSL/TLS](http://blog.ivanristic.com/2012/09/it-seems-that-it-is-that-time-of-year-again-when-julian-and-thai-present-their-most-recent-attack-against-crypto-system-t.html) – Andrei Botalov Sep 15 '12 at 08:34
  • Thank you for the great information, and for the helpful edits, @AndreyBotalov! I've incorporated your suggested edits into the post (sorry, I was editing at the same time as you, so our edits collided; but I rescued your changes and incorporated them). And thanks for the great citation to Ivan Ristić's blog post! – D.W. Sep 15 '12 at 08:47
  • Amazon Silk, the Web browser for the Kindle Fire, has also been reported as using TLS-level compression. – Tom Leek Sep 15 '12 at 13:21
  • When did Firefox support TLS compression? My understanding is that they never enabled it due to technical difficulties. (Except perhaps in SPDY) – CodesInChaos Sep 19 '12 at 10:31

Yes. Yes, you should.

If you're operating a web site, use the SSL Labs assessment tool to determine if your site supports TLS compression and SPDY (look for Compression and Next Protocol Support on the results page, towards the bottom). If you think the risk is too high, disable compression if your web software allows you to do it. (If they don't today, they will soon.)

(From Qualys)

gowenfawr
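Both answers come down to two tasks for the operator: find out whether the server still negotiates TLS compression, and configure it so that it never does. The following is an added example (not code from either answer, the iSEC post, or Qualys) that does both in Python: it parses the `Compression:` line that `openssl s_client` prints for a connection (the same fact SSL Labs shows under "Compression"), and it builds a server-side `ssl.SSLContext` with `OP_NO_COMPRESSION` set, which refuses compression no matter how the linked OpenSSL was built. The `s_client` output embedded below is constructed, not captured from a real host, and the function names are the example's own.

```python
"""Check for, and refuse, TLS compression on a server you operate.

Added example for the CRIME question above; the ssl module calls are
standard library, the s_client output is a constructed sample."""
import re
import ssl
from typing import Optional

# Constructed sample output (not from a real host): the tail of what
# `openssl s_client -connect host:443` prints when the server still
# negotiates zlib, and when it refuses compression.
S_CLIENT_VULNERABLE = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Compression: zlib compression
Expansion: zlib compression
"""
S_CLIENT_HARDENED = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
"""


def negotiated_compression(s_client_output: str) -> Optional[str]:
    """Return the compression method named in s_client output, or None when
    the handshake negotiated no compression (the state CRIME cannot abuse)."""
    m = re.search(r"^Compression:\s*(.+?)\s*$", s_client_output, re.MULTILINE)
    if m is None:
        raise ValueError("no 'Compression:' line; is this `openssl s_client` output?")
    method = m.group(1)
    return None if method.upper() == "NONE" else method


def hardened_server_context(certfile: Optional[str] = None,
                            keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Server context that will never agree to a TLS compression method.

    OP_NO_COMPRESSION is set explicitly rather than relying on the OpenSSL
    build default; pass real cert/key paths to actually serve with it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_NO_COMPRESSION
    if certfile is not None:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def compression_disabled(ctx: ssl.SSLContext) -> bool:
    """True when the context refuses compression during the handshake."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


if __name__ == "__main__":
    print("vulnerable sample:", negotiated_compression(S_CLIENT_VULNERABLE))
    print("hardened sample:  ", negotiated_compression(S_CLIENT_HARDENED))
    print("server context refuses compression:",
          compression_disabled(hardened_server_context()))
```

Two practical notes. Recent OpenSSL builds disable compression on the client side by default, so an `s_client` run from a current workstation prints `Compression: NONE` even against a server that would accept zlib; that is why the external SSL Labs scan gowenfawr recommends is the reliable way to see what the server itself still offers. And on the server side, setting the option explicitly (as `hardened_server_context` does) is what the iSEC post's per-server instructions amount to: it does not depend on which OpenSSL the host happens to link.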