The CRIME attack and wolfSSL embedded SSL
The CRIME attack has been in the news recently, and some of our users have been asking about it. The short version of responding to the attack is simple: disable TLS compression. In wolfSSL, compression is disabled by default. The Tor project has posted an excellent explanation of the attack in their blog. For more details, see: https://blog.torproject.org/blog/some-thoughts-crime-attack.
If you have questions on this attack in relation to wolfSSL, please contact us at firstname.lastname@example.org.
Originally posted at: http://www.wolfssl.com/wolfSSL/Blog/Entries/2012/9/24_The_CRIME_attack_and_CyaSSL_embedded_SSL.html