GitLab

Can we disable compress option at all in our plugin? It seems that we use compress lzo from here:
https://gitlab.labs.nic.cz/turris/foris-controller-openvpn-module/blob/master/foris_controller_backends/openvpn/__init__.py#L265

On support, we received ticket #2861, which says:

there is a vulnerability with OpenVPN with 'compress lzo' enable and with this vulnerability, it's possible to decrypt parts of HTTP traffic. HTTPS is not affected.

More details can be found here: https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/

The only downside of disabling that option is that it can reduce the speed of OpenVPN.

The OpenVPN doc was also updated. See more details from their mail list: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16919.html