diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-09-18 21:50:35 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-09-20 23:39:10 +0200 |
commit | 4e97dfef6e163f43c89fd5693fd1d29a6c20f373 (patch) | |
tree | f9edc9e615c69c9286b626309b77734996a3130e | |
parent | 739d28d20b5567eb7c1835747f8a639b5329b63e (diff) | |
download | gnutls-4e97dfef6e163f43c89fd5693fd1d29a6c20f373.tar.gz |
doc update
-rw-r--r-- | doc/cha-gtls-app.texi | 4 | ||||
-rw-r--r-- | doc/cha-intro-tls.texi | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 7e82a42ed1..3e84ba2cb0 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -982,7 +982,9 @@ renegotiation thus this option must be used with care. @item %STATELESS_COMPRESSION @tab will disable keeping state across records when compressing. This may help to mitigate attacks when compression is used but an attacker -is in control of input data. +is in control of input data. This has to be used only when the +data that are possibly controlled by an attacker are placed in +separate records. @item %SERVER_PRECEDENCE @tab The ciphersuite will be selected according to server priorities diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index 8279fff531..581a52777c 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -191,7 +191,9 @@ on @xcite{RFC3749}. The supported algorithms are shown below. Note that compression enables attacks such as traffic analysis, or even plaintext recovery under certain circumstances. To avoid some of these attacks GnuTLS allows each record to be compressed independently (i.e., -stateless compression), by using the "%STATELESS_COMPRESSION" priority string. +stateless compression), by using the "%STATELESS_COMPRESSION" priority string, +in order to be used in cases where the attacker controlled data are +pt in separate records. @node Weaknesses and countermeasures @subsection Weaknesses and countermeasures |