SSL Tabs Gone Wrong


BREACH attack against compressed TLS

In case you haven't been following the email thread on this:

There is a new vulnerability that leaks secrets which are constantly transferred over compressed HTTPS. A MITM observing the HTTPS traffic can recover secrets (e.g. XSRF tokens) using several thousand requests to a server with TLS and compression enabled.

For Rails (this is not a guaranteed fix):
For Django:

Like some PDF thing explaining it?,%20gone%20in%2030%20seconds.pdf

This attack is derived from CRIME, in which it is possible to inject data into a compressed TLS request using the same technique.

Disabling compression resolves this attack, at the cost of a significant performance hit.
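
An added example, not from the original post: a Python check of whether a response's compressed size depends on reflected request input matching a secret embedded in the same page, with per-response token masking shown as an application-level alternative to disabling compression. The page template, token value and function names are constructed for illustration, and the masking scheme is an assumption, not necessarily what the Rails and Django fixes referenced above do.

```python
import base64
import os
import zlib

SECRET_TOKEN = "9f2c7a1be4d05836"   # constructed sample XSRF token
MISS_PROBE = SECRET_TOKEN[::-1]     # same characters, wrong order

def render(reflected: str, token_field: str) -> bytes:
    """Constructed page that reflects request input and embeds a token."""
    return (
        f"<html><body><p>Results for: {reflected}</p>"
        f"<input type='hidden' name='csrf' value='{token_field}'>"
        "</body></html>"
    ).encode()

def compressed_len(body: bytes) -> int:
    """Size visible on the wire (zlib stands in for HTTP gzip/deflate)."""
    return len(zlib.compress(body, 9))

def mask_token(token: str) -> str:
    """Mitigation: emit pad || (pad XOR token), with a fresh pad per response."""
    raw = token.encode()
    pad = os.urandom(len(raw))
    masked = bytes(p ^ t for p, t in zip(pad, raw))
    return base64.b64encode(pad + masked).decode()

def unmask_token(field: str) -> str:
    """Server side: recover the real token before comparing it."""
    data = base64.b64decode(field)
    half = len(data) // 2
    return bytes(p ^ m for p, m in zip(data[:half], data[half:])).decode()

def length_gap(token_field: str) -> int:
    """Bytes saved when the reflected input equals the secret, versus when it does not."""
    miss = compressed_len(render(f"value='{MISS_PROBE}", token_field))
    match = compressed_len(render(f"value='{SECRET_TOKEN}", token_field))
    return miss - match

if __name__ == "__main__":
    # A non-zero gap means response length leaks information about the secret.
    print("gap with raw token in page:   ", length_gap(SECRET_TOKEN))
    print("gap with masked token in page:", length_gap(mask_token(SECRET_TOKEN)))
```

With the raw token in the page, the matching input compresses measurably smaller; with a masked token the page no longer contains the secret's bytes, so the two sizes stop diverging.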
