As Ahamed Nafeez reported to the OpenVPN security team, we did not
sufficiently inform our users about the risks of combining encryption
and compression. This patch adds a "Security Considerations" paragraph
to the --compress section of the manpage to point the risks out to our
users.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1528020718-12721-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16919.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
@@ -2516,6 +2516,16 @@ If the |
2516 | 2516 |
parameter is empty, compression will be turned off, but the packet |
2517 | 2517 |
framing for compression will still be enabled, allowing a different |
2518 | 2518 |
setting to be pushed later. |
2519 |
+ |
|
2520 |
+.B Security Considerations |
|
2521 |
+ |
|
2522 |
+Compression and encryption is a tricky combination. If an attacker knows or is |
|
2523 |
+able to control (parts of) the plaintext of packets that contain secrets, the |
|
2524 |
+attacker might be able to extract the secret if compression is enabled. See |
|
2525 |
+e.g. the CRIME and BREACH attacks on TLS which also leverage compression to |
|
2526 |
+break encryption. If you are not entirely sure that the above does not apply |
|
2527 |
+to your traffic, you are advised to *not* enable compression. |
|
2528 |
+ |
|
2519 | 2529 |
.\"********************************************************* |
2520 | 2530 |
.TP |
2521 | 2531 |
.B \-\-comp\-lzo [mode] |
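Review bot: the emphasis in "advised to *not* enable compression" (line 2527 of the hunk) will not render as emphasis in a roff man page; asterisks are literal there, so use `\fBnot\fR` (or split the sentence around a `.B not` line) to match the bold markup used elsewhere in the section. Two smaller points: "Compression and encryption is a tricky combination" should read "Compression and encryption are a tricky combination"; and the new paragraph is added only under --compress, while the trailing context shows --comp-lzo immediately following, which enables the same compression and carries the same risk, so a one-line cross-reference from the --comp-lzo section to these Security Considerations would keep readers of the older option from missing the warning.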