Discussion: Disallow SSL compression?


Disallow SSL compression?

Daniel Gustafsson
A few years ago we discussed whether to disable SSL compression [0] which ended
up with it being off by default combined with a recommendation against it in
the docs.

OpenSSL themselves disabled SSL compression by default in 2016 in 1.1.0 with
distros often having had it disabled for a long while before then.  Further,
TLSv1.3 removes compression entirely on the protocol level mandating that only
NULL compression is allowed in the ClientHello.  NSS, which is discussed in
another thread, removed SSL compression entirely in version 3.33 in 2017.

It seems about time to revisit this since it's unlikely to work anywhere but in
a very small subset of system setups (being disabled by default everywhere) and
is thus likely to be very untested at best.  There is also the security aspect
which is less clear-cut for us compared to HTTP client/servers, but not refuted
(the linked thread has a good discussion on this).

The attached removes sslcompression to see what it would look like.  The server
actively disallows it and the parameter is removed, but the sslcompression
column in the stat view is retained.  An alternative could be to retain the
parameter but not act on it in order to not break scripts etc, but that just
postpones the pain until when we inevitably do remove it.

Thoughts?  Any reason to keep supporting SSL compression or is it time for v14
to remove it?  Are there still users leveraging this for protocol compression
without security making it worthwhile to keep?

Daniel Gustafsson        https://vmware.com/

[0] https://www.postgresql.org/message-id/flat/595cf3b1-4ffe-7f05-6f72-f72b7afa7993%402ndquadrant.com
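
The message notes that TLSv1.3 allows only NULL compression in the ClientHello. As an added example (not part of the original message or of PostgreSQL), the following parses the compression_methods field of a raw ClientHello record so that captured handshakes can be checked for clients still offering compression. The function names are hypothetical and the sample ClientHello is constructed.

```python
import struct

NULL, DEFLATE = 0x00, 0x01  # compression method ids (DEFLATE per RFC 3749)

def compression_methods(record: bytes) -> list[int]:
    """Return the compression_methods list from a raw TLS ClientHello record."""
    def take(buf, off, n):
        # Bounds-checked slice: never trust length fields from the wire.
        if off + n > len(buf):
            raise ValueError("truncated ClientHello")
        return buf[off:off + n], off + n

    hdr, off = take(record, 0, 5)
    ctype, _ver, rec_len = struct.unpack("!BHH", hdr)
    body, _ = take(record, off, rec_len)
    if ctype != 0x16 or body[:1] != b"\x01":
        raise ValueError("not a ClientHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello, _ = take(body, 4, hs_len)
    off = 2 + 32                        # skip legacy_version and random
    sid_len, off = take(hello, off, 1)
    _, off = take(hello, off, sid_len[0])                     # session_id
    cs_len, off = take(hello, off, 2)
    _, off = take(hello, off, int.from_bytes(cs_len, "big"))  # cipher_suites
    cm_len, off = take(hello, off, 1)
    methods, off = take(hello, off, cm_len[0])
    return list(methods)

def offers_compression(record: bytes) -> bool:
    """True if the client offers anything other than NULL compression."""
    return any(m != NULL for m in compression_methods(record))

def build_client_hello(methods: bytes) -> bytes:
    """Constructed sample: minimal ClientHello with one cipher suite, no extensions."""
    hello = (b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty session id
             + b"\x00\x02\xc0\x2f"               # cipher_suites: length 2, one suite
             + bytes([len(methods)]) + methods)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    for offered in (bytes([NULL]), bytes([DEFLATE, NULL])):
        rec = build_client_hello(offered)
        print(compression_methods(rec), "offers compression:", offers_compression(rec))
```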
