CRIME SSL/TLS attack
Description
The CRIME (Compression Ratio Info-leak Made Easy) attack exploits a vulnerability in SSL/TLS and SPDY protocols when data compression is enabled. Attackers can leverage this compression side-channel to extract sensitive information, such as session cookies or authentication tokens, by observing the size of compressed encrypted data. This client-side attack succeeds when the server accepts Deflate or other compression algorithms during the TLS handshake, allowing attackers to make repeated requests and analyze compression ratios to recover secret data byte-by-byte.
Remediation
Disable TLS compression on the server to prevent CRIME attacks. This is accomplished by configuring the server to reject compression during the TLS handshake negotiation.
For Apache with mod_ssl, ensure compression is disabled (this is the default in modern versions):
SSLCompression offFor Nginx, add the following directive to your configuration:
ssl_compression off;For Microsoft IIS, disable compression via registry (requires restart):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL DWORD: "DisableCompression" = 1For application servers like Node.js using the tls module:
const options = {
secureOptions: constants.SSL_OP_NO_COMPRESSION
};
https.createServer(options, app);After making changes, verify that compression is disabled by testing the TLS handshake with tools like nmap or sslyze. Additionally, ensure all TLS libraries and server software are updated to versions that disable compression by default.