RVSD daemon disables the in-built SSL compression.


Article ID: KB0092808


Product: TIBCO Rendezvous
Versions: Not Applicable

Description

Description:
In-built SSL compression between application and RVSD daemon.
Symptoms:
The RVSD daemon disables the built-in SSL compression.

Cause:
The built-in SSL compression is disabled for security reasons.

Issue/Introduction

RVSD daemon disables the in-built SSL compression.

Environment

ALL

Resolution

The security community recognizes that enabling TLS compression exposes applications to additional vulnerabilities, because the compression algorithms become an additional attack surface (refer to https://tools.ietf.org/html/rfc3749#section-6). Previous example exploits of TLS compression include CRIME and BREACH (refer to https://en.wikipedia.org/wiki/Transport_Layer_Security#CRIME_and_BREACH_attacks).
Equally important is the fact that the current draft of TLS 1.3 removes support for compression (refer to https://tools.ietf.org/html/draft-ietf-tls-tls13-07). For these reasons, we will not enable the SSL built-in compression.