diff options
author | Cristian RodrÃguez <crrodriguez@opensuse.org> | 2012-11-12 16:41:58 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2012-11-13 23:01:28 +0100 |
commit | fa1ae0abcde5df8d0b3283299e3f246bedf7692c (patch) | |
tree | f2dcd93d01be7ee53b949860251eb3203effcab8 | |
parent | 38ed72cd3733e0d809c4b7023151d3f06e7274ef (diff) |
OpenSSL: Disable SSL/TLS compression
It either causes increased memory usage or exposes users
to the "CRIME attack" (CVE-2012-4929)
-rw-r--r-- | lib/ssluse.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index 7c4c9269a..92ae2e3e9 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1501,6 +1501,10 @@ ossl_connect_step1(struct connectdata *conn, ctx_options |= SSL_OP_NO_TICKET; #endif +#ifdef SSL_OP_NO_COMPRESSION + ctx_options |= SSL_OP_NO_COMPRESSION; +#endif + #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG /* mitigate CVE-2010-4180 */ ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; |