aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCristian Rodríguez <crrodriguez@opensuse.org>2012-11-12 16:41:58 +0100
committerDaniel Stenberg <daniel@haxx.se>2012-11-13 23:01:28 +0100
commitfa1ae0abcde5df8d0b3283299e3f246bedf7692c (patch)
treef2dcd93d01be7ee53b949860251eb3203effcab8
parent38ed72cd3733e0d809c4b7023151d3f06e7274ef (diff)
OpenSSL: Disable SSL/TLS compression
It either causes increased memory usage or exposes users to the "CRIME attack" (CVE-2012-4929)
-rw-r--r--lib/ssluse.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 7c4c9269a..92ae2e3e9 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1501,6 +1501,10 @@ ossl_connect_step1(struct connectdata *conn,
ctx_options |= SSL_OP_NO_TICKET;
#endif
+#ifdef SSL_OP_NO_COMPRESSION
+ ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
/* mitigate CVE-2010-4180 */
ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;