]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0c20802) | patch
RT3234: disable compression
authorEmilia Kasper <emilia@openssl.org>
Tue, 2 Feb 2016 15:26:38 +0000 (16:26 +0100)
committerEmilia Kasper <emilia@openssl.org>
Wed, 3 Feb 2016 17:08:16 +0000 (18:08 +0100)
commitdc5744cb78da6f2bcafeeefe22c604a51b52dfc5
treed1b336ac5e71896dcfd4217fc4e9c8ec3fd326a2tree
parent0c20802c6a6008b28bfb0eac67d69f536edc60a7commit | diff
RT3234: disable compression

CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:

SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.

SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
no-op by default).

The command-line switch has changed from -no_comp to -comp.

Reviewed-by: Rich Salz <rsalz@openssl.org>
CHANGES diff | blob | blame | history
apps/apps.h diff | blob | blame | history
doc/ssl/SSL_CONF_cmd.pod diff | blob | blame | history
ssl/ssl_conf.c diff | blob | blame | history
ssl/ssl_lib.c diff | blob | blame | history
util/TLSProxy/Proxy.pm diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git