Menu
▾
▴
Re: [Openvpn-devel] [PATCH] Fix 'compress migrate' for 2.2 clients.
|
From: tincantech <tin...@pr...> - 2021-04-03 00:50:16
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, 3 April 2021 01:43, tincantech via Openvpn-devel <ope...@li...> wrote: > > But i believe you need to have access to both the compressed VPN data > and the uncompressed https packets to exploit such an attack. > Edit: The attacker also needs to control the https website that the victim visits. It's a tall order .. but do you really want to argue with the sort of people that figured out how to do it ? > Still, it was shown to be a genuine attack vector none-the-less. > -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJgZ7usACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ3yaAgAvefAvhIBj2izSl5JoOH2oPeCYunedXsrFOXjrvteC1GX/Hem gRpLgcjNjdhcWdfW8NCFhihozr1Hrb9cLIxmvNLw5zmAIf6DRtcPPaExsyYJ mDLXMFlKZmSoGc3Jh9hsXxFy5oEH2K2RtQxJevGciAHn6GSkPx0MrHLJlmCH EPhUThW+QpEq+NdqNUo9dPJe9ByUUrZ9c/eySjXG8Eo7hYSLu0AhoYUr/zY1 OqpRNg3lsH6CRFkH7LV5cJEBGLF6qZLeAZ5x7UYGjWWR1pwI02AKknF5E9bW s+4P64TLyIVerUsewJ9EbzU4kI5abf+pammwmqBHFrPaI1foNUS/dA== =s7Ma -----END PGP SIGNATURE----- |
