TLS Compression


TLS Compression, as the name implies, is compression within TLS.
TLS Compression is deprecated in TLS 1.3.

RFC 3749 describes Transport Layer Security Protocol Compression Methods.

TLS has the ability to compress content prior to encryption. Compression does not protect against the BEAST attack, but it does make it more difficult.

Normally, the bytes sent by the attacker are encrypted and sent over the wire. With compression enabled, the bytes are first compressed, which means that the attacker no longer knows what exactly is encrypted. To make the attack work, the attacker would also have to guess the compressed bytes, which may be very difficult. For this reason, the original BEAST exploit implemented by Duong and Rizzo could not attack compressed TLS connections.

By some estimates, compression was enabled on about half of all web servers at the time BEAST was announced. However, client-side support for compression was very weak then and is nonexistent today.

TLS Compression has been the target of several exploits, and it is generally considered that it should be disabled. CRIME is a popular exploit against TLS Compression, and it has been stated that TLS Compression is dead and CRIME killed it.
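One way to confirm that compression really is disabled is to read the compression method the server selects in its ServerHello. The following is an added example, not part of the original page: the function names are hypothetical, the sample records are constructed, and it assumes the ServerHello fits in a single TLS record.

```python
import struct

# Method IDs: 0 (null) and 1 (DEFLATE) per RFC 3749; 64 (LZS) per RFC 3943.
COMPRESSION_METHODS = {0: "null", 1: "DEFLATE", 64: "LZS"}


def server_hello_compression(record: bytes) -> int:
    """Return the compression_method byte selected in a ServerHello record."""
    if len(record) < 9:
        raise ValueError("truncated record")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if content_type != 0x16 or len(body) != rec_len or rec_len < 4:
        raise ValueError("not a complete handshake record")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) != int.from_bytes(body[1:4], "big"):
        raise ValueError("ServerHello spans records; reassembly not handled")
    # Skip server_version (2) and random (32), then the length-prefixed session_id.
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    pos = 35 + hello[34]
    # cipher_suite (2) precedes the single compression_method byte.
    if len(hello) < pos + 3:
        raise ValueError("truncated ServerHello")
    return hello[pos + 2]


def audit(record: bytes) -> str:
    """Flag any ServerHello that selects a non-null compression method."""
    method = server_hello_compression(record)
    if method == 0:
        return "OK: compression disabled"
    name = COMPRESSION_METHODS.get(method, f"unknown({method})")
    return f"FINDING: TLS compression negotiated ({name})"


def build_sample(method: int) -> bytes:
    """Constructed TLS 1.2 ServerHello: zero random, empty session_id, suite 0xC02F."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + bytes([method])
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for m in (0, 1):
        print(audit(build_sample(m)))
```

On a live connection, Python's `ssl.SSLSocket.compression()` reports the same negotiated value, returning `None` when no compression is in use.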
