Changes between Version 5 and Version 6 of VORACLE
- Timestamp:
- 10/04/18 15:12:22 (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
VORACLE
v5 v6 25 25 Without compression the length of the encrypted packets does not change, so Eve cannot gain any information. (Strictly speaking the length changes if Eve's password length changes but that gives no additional information) 26 26 27 The real world attacks are more complicated and need to take in account the specific circumstances (e.g. HTTPS or VPN) but they rely on the same principle as demonstrated in this simple example.27 The real world attacks are more complicated and need to take into account the specific circumstances (e.g. HTTPS or VPN) but they rely on the same principle as demonstrated in this simple example. 28 28 29 29 === Compression is **NOT** enabled by default === … … 31 31 It is important to know that compression has never been enabled by default. An OpenVPN configuration (implying both the local and remote side) must explicitly enable compression. 32 32 33 The se options here covers what is called the OpenVPN Data Channel in the wire protocol. The data channel is used to transfer network traffic from one side to the other side. OpenVPN also uses a Control Channel, where the TLS protocol is used. OpenVPN has disabled compression explicitly inside the Control Channel explicitly since OpenVPN 2.3.9 and OpenVPN 2.4.0 when compiled against OpenSSL. The compression on the Control Channel is not configurable. OpenVPN compiled against mbedTLS and PolarSSL has no support for modifying compression on the Control Channel, but it is disabled by default in the compiling process of the mbedTLS/PolarSSL library. No payload packets are sent over this channel and communication is strictly between openvpn server and client, making chosen plaintext like BEAST, CRIME and VORACLE extremely difficult for the Control Channel.33 The options here cover what is called the OpenVPN Data Channel in the wire protocol. The data channel is used to transfer network traffic from one side to the other side. OpenVPN also uses a Control Channel, where the TLS protocol is used. OpenVPN has **explicitly** disabled compression inside the Control Channel since OpenVPN 2.3.9 and OpenVPN 2.4.0 when compiled against OpenSSL. The compression on the Control Channel is not configurable. OpenVPN compiled against mbedTLS and PolarSSL has no support for modifying compression on the Control Channel, but it is disabled by default in the compiling process of the mbedTLS/PolarSSL library. No payload packets are sent over this channel and communication is strictly between openvpn server and client, making chosen plaintext like BEAST, CRIME and VORACLE extremely difficult for the Control Channel. 34 34 35 35 == Mitigation == … … 63 63 64 64 65 This will stop the client from annou cing compression support (via `IV_LZO=1`, `IV_LZ4=1` etc) and only advertises stub support.65 This will stop the client from announcing compression support (via `IV_LZO=1`, `IV_LZ4=1` etc) and only advertises stub support. 66 66 67 67 If your connection stops working after this change your server does not respect the client capabilities. … … 96 96 In most cases this is more a perceived need than a real need. 97 97 98 - Most traffic is not compressible since it either already compressed (e.g. large downloads) or is encrypted and cannot be compressed99 - VPN compression is fairly inefficient compared to normal compression. Only one packet at a time (~1400 ) is compressed. It is always better compress data at a higher protocol layer98 - Most traffic is not compressible since it is either already compressed (e.g. large downloads) or is encrypted and cannot be compressed. 99 - VPN compression is fairly inefficient compared to normal compression. Only one packet at a time (~1400 bytes) is compressed. It is always better compress data at a higher protocol layer. 100 100 101 101