kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Mitigate the CRIME TLS flaw 

If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.

This is CVE-2012-4929.

FS-6360 --resolve

Thanks-to: Brian West <brian@freeswitch.org>
This commit is contained in:
Travis Cross 2014-03-16 16:07:02 +00:00
parent 2b651b9abe
commit 19fc943f59
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
View File

@ -334,6 +334,8 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
SSL_CTX_set_options(tls->ctx, SSL_OP_NO_TLSv1_2);
SSL_CTX_sess_set_remove_cb(tls->ctx, NULL);
SSL_CTX_set_timeout(tls->ctx, ti->timeout);
/* CRIME (CVE-2012-4929) mitigation */
SSL_CTX_set_options(tls->ctx, SSL_OP_NO_COMPRESSION);
/* Set callback if we have a passphrase */
if (ti->passphrase != NULL) {