[Buildroot] [PATCH] package/mbedtls: fix zlib support
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Mon Feb 6 12:58:40 UTC 2017
Hello,
On Sun, 29 Jan 2017 22:15:11 +0100, Jörg Krause wrote:
> To enable compression support using zlib it is necessary to uncomment
> the define for MBEDTLS_ZLIB_SUPPORT in config.h [1].
>
> Note, that enabling TLS compression may make mbedTLS vulnerable to the
> CRIME attack [1]. It should not be enabled unless is is sure CRIME and
> similar attacks are not applicable to the particulare situation.
>
> As zlib is probably enabled in most systems, maybe it is best to make
> the compression support a user choice and add the warning from [1]?
Yes, please do this, it seems to make sense.
> [1] https://tls.mbed.org/kb/how-to/deflate-compression-in-ssl-tls
>
> Signed-off-by: Jörg Krause <joerg.krause at embedded.rocks>
> ---
> package/mbedtls/mbedtls.mk | 5 +++++
> 1 file changed, 5 insertions(+)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list