I've had a look within the official TLS specification but I cannot see any mention of this. Does TLS allow compression to be disabled? Or is it mandatory?
*In 1.3* compression is _prohibited_ (the field is still there, but it must not specify anything other than 0 = identity) – dave_thompson_085 Oct 05 '22 at 01:29
2 Answers
Compression is not mandatory in TLS. In modern libraries and products it is often disabled by default because of possible attack vectors like CRIME, which rely on TLS-level compression.
Note also what dave_thompson_085 said in a comment to the question:
"In 1.3 compression is prohibited (the field is still there, but it must not specify anything other than 0 = identity)"
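How the "disabled by default" part looks in practice, as an added example that is not part of the answer above: Python's `ssl` module builds on OpenSSL and exposes the `OP_NO_COMPRESSION` option. The code below shows the hardened context beside the weak one and a check for each; it assumes only the standard library, and the function names are this example's own.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context with TLS-level compression switched off explicitly.

    create_default_context() already sets OP_NO_COMPRESSION on current
    CPython builds; setting it again records the intent and protects the
    code against a downstream default that differs."""
    ctx = ssl.create_default_context()
    ctx.options |= ssl.OP_NO_COMPRESSION
    # TLS 1.3 forbids compression outright; 1.2 still carries the field.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """The weak setting, for comparison: clear OP_NO_COMPRESSION so the
    client would offer DEFLATE in its ClientHello. Whether anything is
    actually compressed then depends on the OpenSSL build (most have zlib
    support compiled out) and on the server."""
    ctx = ssl.create_default_context()
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    return ctx


def compression_disabled(ctx: ssl.SSLContext) -> bool:
    """True when the context refuses to negotiate any compression method."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


def negotiated_compression(sock: ssl.SSLSocket):
    """Runtime check after the handshake: None means no compression was
    negotiated, otherwise the method name (for example 'zlib'). Useful in a
    client that must not rely on the context flags alone."""
    return sock.compression()


if __name__ == "__main__":
    print("hardened:", compression_disabled(hardened_client_context()))
    print("legacy  :", compression_disabled(legacy_client_context()))
```

`compression_disabled` only inspects the local flag; `negotiated_compression` is the check to run on the live socket when a deployment must prove that the peer did not talk it into a compressed session.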
Compression is not required, and support for it is up to the implementations on client and server. Not all servers or clients support it (it is mandatory to support uncompressed traffic).
Some implementations of compression create vulnerabilities in webapps and similar content, as attackers can use the compression to learn things about the encrypted secrets such as cookie values by varying URLs that they make the victim's browser request, and seeing which strings compress well or poorly. As such, it will generally be disabled in contexts where an attacker could partially control the content.
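The mechanism this answer describes, as an added example that is not part of the answer: a toy CRIME-style compression oracle. The attacker lures the victim's browser to URLs of their choosing, the browser attaches the secret cookie to each request, TLS compresses the whole plaintext with DEFLATE, and the attacker, who only sees record lengths, ranks guesses by how well each one compressed. Everything here is constructed: the secret cookie value, the host `bank.example`, and the use of zlib pinned to fixed Huffman tables (`zlib.Z_FIXED`) to stand in for TLS-level compression so that the one-byte length difference is deterministic; the real attack has to average out the noise of dynamic Huffman tables and real network overhead. The example also goes one step beyond the answer and shows that with compression off every candidate produces the same length, so there is nothing left to measure.

```python
import zlib

# Constructed secret the attacker is after. They never see it directly,
# only how long each TLS record is on the wire.
SECRET = "7f3a9c2e1b4d6085"
HEX = "0123456789abcdef"

# Padding appended to each guess. Under DEFLATE's fixed Huffman table "AAAA"
# costs 20 bits (a literal plus a 3-byte back-reference) and "A"*12 costs 21,
# so the three pads shift the bit alignment of the output differently and a
# 7- or 8-bit saving cannot hide inside the final byte of padding.
PADS = ("", "AAAA", "A" * 12)


def victim_request(path: str) -> bytes:
    """The request a browser sends when lured to an attacker-chosen URL.
    The browser attaches the session cookie itself; the attacker controls
    only the path."""
    return (
        f"GET /{path} HTTP/1.1\r\n"
        "Host: bank.example\r\n"
        f"Cookie: sessionid={SECRET}\r\n\r\n"
    ).encode()


def tls_record_length(plaintext: bytes, compress: bool = True) -> int:
    """Length an on-path observer sees. With TLS-level compression the record
    is DEFLATE(plaintext) plus constant overhead; without it (TLS 1.3, or
    compression disabled) the length equals the plaintext length."""
    if not compress:
        return len(plaintext)
    z = zlib.compressobj(9, zlib.DEFLATED, zlib.MAX_WBITS,
                         zlib.DEF_MEM_LEVEL, zlib.Z_FIXED)
    return len(z.compress(plaintext) + z.flush())


def candidate_lengths(known: str, compress: bool = True) -> dict:
    """Observed record length for every possible next byte, summed over PADS."""
    return {
        c: sum(tls_record_length(victim_request(f"sessionid={known}{c}{pad}"),
                                 compress)
               for pad in PADS)
        for c in HEX
    }


def guess_next_char(known: str) -> str:
    """The candidate whose request compressed best is the one whose LZ77
    match ran one byte further into the real cookie value."""
    lengths = candidate_lengths(known)
    return min(lengths, key=lengths.get)


def recover_secret(length: int) -> str:
    """Recover the cookie value one byte at a time, 16 guesses per byte."""
    known = ""
    for _ in range(length):
        known += guess_next_char(known)
    return known


def leaks(known: str, compress: bool) -> bool:
    """True when record lengths differ between candidates, i.e. the channel
    still gives the attacker something to rank."""
    return len(set(candidate_lengths(known, compress).values())) > 1


if __name__ == "__main__":
    print("recovered with compression on:", recover_secret(len(SECRET)))
    print("anything to measure with compression off?", leaks("7f3a", False))
```

The guessed prefix goes into the URL as `sessionid=<known><guess>`; when the guess is right, the cookie header later in the same plaintext back-references one more byte of the URL and one literal disappears from the compressed output. That one-byte signal is all the attacker needs, which is why the answer says compression gets disabled wherever an attacker can put their own bytes next to a secret.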