user1345414

Reputation: 3865

When do I need zlib in OpenSSL?

Some sites describe configuring and making OpenSSL with zlib, while I can do it without zlib.

It means zlib is not necessary for OpenSSL in some cases.

Can anyone tell me in what case OpenSSL does compression or decompression?

The answer from @Giacomo1968 is useful. I want to know how to choose whether to use -z or not.

Upvotes: 16

Views: 20332

Answers (3)

Rick

Reputation: 7516

I'd like to add some information on "zlib SSL compression, CRIME attack, BREACH attack" that I found not clear enough when reading the answers.

A quick summary:

  • TLS used zlib for compression, which is vulnerable to the CRIME attack. To fix that, either clients (browsers) or servers must refuse compression in TLS. Apache httpd and nginx changed TLS compression to false by default. Browser vendors (Firefox did) disabled TLS compression. So when you disable compression (build without zlib), everything still works.
  • The CRIME attack doesn't only affect TLS protocols. HTTP also uses compression, so it's also affected. BREACH is a variant of CRIME targeting HTTP. But it can be mitigated via CSRF tokens.

Good references to check:

https://www.wikiwand.com/en/CRIME
https://bugzilla.mozilla.org/show_bug.cgi?id=580679
https://bz.apache.org/bugzilla/show_bug.cgi?id=53219#c10
https://www.wikiwand.com/en/BREACH_(security_exploit)

Upvotes: 2

Giacomo1968

Reputation: 25994

The answer is right in the manual. It relates to the -z option:

“Compress or decompress clear text using zlib before encryption or after decryption. This option exists only if OpenSSL was compiled with the zlib or zlib-dynamic option.”

Upvotes: 6

jww

Reputation: 102396

The answer from @Giacomo1968 is useful. I want to know how to choose whether to use -z or not.

That's easy. Compression leaks information in protocols like HTTPS and SPDY, so you should not use it. Since you should not use it, there's no reason to configure with it. See Rizzo and Duong's CRIME attack.

There's another option to configure you might be interested in: no-comp. It disables compression independent of zlib.


Can anyone tell me in what case OpenSSL does compression or decompression?

By default, compression is enabled unless you disable it at compile time or runtime. If compression is available, then you have to disable it at runtime with the SSL_OP_NO_COMPRESSION context option:

#include <openssl/ssl.h>

SSL_CTX* ctx = NULL;

const SSL_METHOD* method = SSLv23_method();
if(method == NULL) handleFailure();

ctx = SSL_CTX_new(method);
if(ctx == NULL) handleFailure();

/* Refuse SSLv2, SSLv3 and TLS-level compression (the CRIME mitigation) */
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
SSL_CTX_set_options(ctx, flags);

For completeness, Firefox does not support compression. Firefox's configure used to be broken out of the box, so the browser was not vulnerable to the compression attacks. See the bug report, Build NSS with the TLS zlib compression code and add the security.ssl.enable_compression preference to enable it.

Upvotes: 20
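A runtime check for the option set in the C snippet above, as an added example that is not part of jww's answer or of OpenSSL's own code. It uses Python's ssl module, whose SSLContext.options wraps the same SSL_CTX option bits, so ssl.OP_NO_COMPRESSION is SSL_OP_NO_COMPRESSION; the "weakened" context is a constructed before-case used to show that the audit catches a cleared guard.

```python
import ssl

# ssl.OP_NO_COMPRESSION is the Python name for OpenSSL's SSL_OP_NO_COMPRESSION.
NO_COMPRESSION = ssl.OP_NO_COMPRESSION


def compression_disabled(ctx: ssl.SSLContext) -> bool:
    """True when the context refuses TLS-level compression (CRIME mitigation)."""
    return bool(int(ctx.options) & int(NO_COMPRESSION))


def harden_context(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Runtime equivalent of SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION)."""
    ctx.options |= NO_COMPRESSION
    return ctx


def default_client_context() -> ssl.SSLContext:
    """A stock client context; CPython already sets OP_NO_COMPRESSION by default."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def weakened_context() -> ssl.SSLContext:
    """Constructed 'before' case: the compression guard has been cleared, as can
    happen when an application overwrites options with an old mask."""
    ctx = default_client_context()
    # Assigning a mask without the bit makes the ssl module call SSL_CTX_clear_options.
    ctx.options = int(ctx.options) & ~int(NO_COMPRESSION)
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """What a configuration review wants to see: library, option mask, verdict."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "options": hex(int(ctx.options)),
        "compression_disabled": compression_disabled(ctx),
    }


if __name__ == "__main__":
    print("default :", audit(default_client_context()))
    print("weakened:", audit(weakened_context()))
    print("hardened:", audit(harden_context(weakened_context())))
```

After a handshake, SSLSocket.compression() returning None confirms that no compression method was negotiated on the wire.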
