OpenSSL: Disable SSL/TLS compression

It either causes increased memory usage or exposes users to the "CRIME attack" (CVE-2012-4929)
2012-11-12 16:41:58 +01:00 · 2012-11-12 16:41:58 +01:00 · fa1ae0abcd
parent 38ed72cd37
commit fa1ae0abcd
1 changed files with 4 additions and 0 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -1501,6 +1501,10 @@ ossl_connect_step1(struct connectdata *conn,
  ctx_options |= SSL_OP_NO_TICKET;
 #endif

+#ifdef SSL_OP_NO_COMPRESSION
+  ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
  /* mitigate CVE-2010-4180 */
  ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;