From fa1ae0abcde5df8d0b3283299e3f246bedf7692c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Mon, 12 Nov 2012 16:41:58 +0100
Subject: OpenSSL: Disable SSL/TLS compression

It either causes increased memory usage or exposes users
to the "CRIME attack" (CVE-2012-4929)
---
 lib/ssluse.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/ssluse.c')

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 7c4c9269a..92ae2e3e9 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1501,6 +1501,10 @@ ossl_connect_step1(struct connectdata *conn,
   ctx_options |= SSL_OP_NO_TICKET;
 #endif
 
+#ifdef SSL_OP_NO_COMPRESSION
+  ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
   /* mitigate CVE-2010-4180 */
   ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
-- 
cgit v1.2.3