If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.
This is CVE-2012-4929.
FS-6360 --resolve
Thanks-to: Brian West <brian@freeswitch.org>
19fc943f59