Function: nsm-protocol-check--compression

nsm-protocol-check--compression is a byte-compiled function defined in nsm.el.gz.

Signature

(nsm-protocol-check--compression HOST PORT STATUS &optional SETTINGS)

Documentation

Check for TLS compression.

TLS compression attacks such as CRIME would allow an attacker to decrypt ciphertext. As a result, RFC 7525 has recommended its disablement.

Reference:

Sheffer, Holz, Saint-Andre (May 2015). "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", https://tools.ietf.org/html/rfc7525

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
;; Compression checks

(defun nsm-protocol-check--compression (_host _port status &optional _settings)
  "Check for TLS compression.

TLS compression attacks such as CRIME would allow an attacker to
decrypt ciphertext.  As a result, RFC 7525 has recommended its
disablement.

Reference:

Sheffer, Holz, Saint-Andre (May 2015).  \"Recommendations for Secure
Use of Transport Layer Security (TLS) and Datagram Transport Layer
Security (DTLS)\", `https://tools.ietf.org/html/rfc7525'"
  (let ((compression (plist-get status :compression)))
    (and compression
         (string-match "^\\bDEFLATE\\b" compression)
         (format-message
          "compression method (%s) may lead to leakage of sensitive information"
          compression))))
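
The function's contract (nil when the connection passes, a warning string when it does not) is shown below as an added example that is not part of nsm.el. The `example-` names, the hosts, port 443 and the status plists are constructed for illustration; only the `:compression` entry is read by the check.

```elisp
;; Added example, not part of nsm.el.  All `example-' names and the
;; status plists below are constructed for illustration.
(require 'nsm)
(require 'ert)

(defconst example-peer-statuses
  '(("deflate.example" :protocol "TLS1.2" :compression "DEFLATE")
    ("null.example"    :protocol "TLS1.2" :compression "NULL")
    ("absent.example"  :protocol "TLS1.3"))
  "Constructed (HOST . STATUS) entries; STATUS is a plist with `:compression'.")

(defun example-compression-findings (statuses)
  "Return (HOST . WARNING) for each entry of STATUSES that fails the check.
A passing connection makes the check return nil, so it is skipped."
  (let (findings)
    (dolist (entry statuses (nreverse findings))
      ;; HOST, PORT and SETTINGS are ignored by this check; only STATUS matters.
      (let ((warning (nsm-protocol-check--compression
                      (car entry) 443 (cdr entry))))
        (when warning
          (push (cons (car entry) warning) findings))))))

(ert-deftest example-compression-check-contract ()
  "Only the DEFLATE status is reported, with the method named in the warning."
  (let ((findings (example-compression-findings example-peer-statuses)))
    (should (equal (mapcar #'car findings) '("deflate.example")))
    (should (string-match-p "(DEFLATE)" (cdr (car findings))))))
```

Run it with `emacs -Q --batch -l FILE -f ert-run-tests-batch-and-exit`, where FILE is the file the block was saved to.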