Disable SSL compression

As reported in trac #502, SSL compression can cause problems in some corner
cases.  OpenVPN does not need SSL compression, since the control channel is
low bandwidth.  This does not influence the data channel compressen (i.e.
--comp or --comp-lzo).

Even though this has not yet been relevant for OpenVPN (since an attacker
can not easily control contents of control channel messages), SSL
compression has been used in the CRIME and BREACH attacks on TLS.  TLS 1.3
will probably even remove support for compression all together, for
exactly this reason.

Since we don't need it, and SSL compression causes issues, let's just
disable it in OpenSSL builds.  PolarSSL has no run-time flag to disable
compression, but is by default compiled without compression.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1424010266-5910-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9453
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5d5233778868ddd568140c394adfcfc8e3453245)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index a769b2a4d95efbef9f95f5d7279fe2c8956198f3..5207dfdca8a635695ec9aa76c01e2704c2f03961 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -237,6 +237,10 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags)
 #ifdef SSL_OP_NO_TLSv1_2
     if (tls_ver_min > TLS_VER_1_2 || tls_ver_max < TLS_VER_1_2)
       sslopt |= SSL_OP_NO_TLSv1_2;
+#endif
+#ifdef SSL_OP_NO_COMPRESSION
+    /* Disable compression - flag not available in OpenSSL 0.9.8 */
+    sslopt |= SSL_OP_NO_COMPRESSION;
 #endif
     SSL_CTX_set_options (ctx->ctx, sslopt);
   }