[Development] [Announce] SECURITY - disabling SSL/TLS compression to mitigate the "CRIME" attack
Giuseppe D'Angelo
dangelog at gmail.com
Thu Sep 27 13:30:42 CEST 2012
Hi,
On 27 September 2012 11:56, List for announcements regarding Qt
releases and development <announce at qt-project.org> wrote:
> A security vulnerability has been discovered in the SSL/TLS protocol, which
> affects connections using compression.
> All versions of TLS are believed to be affected.
> To address this, Qt will disable TLS compression by default.
I'd just like to thank Richard Moore <rich at kde.org> who contributed
the patches in both Qt 5 and 4.x, even before the details of the
attack were disclosed to the mainstream audience.
Cheers,
--
Giuseppe D'Angelo
More information about the Development
mailing list