tls: set SSL_OP_NO_COMPRESSION explicitly

TLS compression is susceptible to the CRIME attack and
per-connection zlib contexts waste memory for idle clients.

While compression should already be off by default in modern OpenSSL;
Net::SSLeay::CTX_get_mode reveals OP_NO_COMPRESSION was not set
when created by IO::Socket::SSL::SSL_Context->new.  So set it
explicitly to ensure it's really off.

diff --git a/lib/PublicInbox/TLS.pm b/lib/PublicInbox/TLS.pm
index 3ce57f1b4069456ed01c3835849de92a1213fe9d..9a829deff062a3953e04ac68231438e63b246149 100644 (file)
--- a/lib/PublicInbox/TLS.pm
+++ b/lib/PublicInbox/TLS.pm
@@ -3,7 +3,7 @@
 
 # IO::Socket::SSL support code
 package PublicInbox::TLS;
-use strict;
+use v5.12;
 use IO::Socket::SSL;
 use PublicInbox::Syscall qw(EPOLLIN EPOLLOUT);
 use Carp qw(carp croak);
@@ -24,13 +24,16 @@ sub _ctx_new ($) {
                                @{$tlsd->{ssl_ctx_opt}}, SSL_server => 1) or
                croak "SSL_Context->new: $SSL_ERROR";
 
-       # save ~34K per idle connection (cf. SSL_CTX_set_mode(3ssl))
+       # SSL_MODE_RELEASE_BUFFERS saves ~34K per idle connection
+       # (cf. SSL_CTX_set_mode(3ssl))
        # RSS goes from 346MB to 171MB with 10K idle NNTPS clients on amd64
        # cf. https://rt.cpan.org/Ticket/Display.html?id=129463
-       my $mode = eval { Net::SSLeay::MODE_RELEASE_BUFFERS() };
-       if ($mode && $ctx->{context}) {
+       # SSL_OP_NO_COMPRESSION should be the default in OpenSSL nowadays:
+       # it avoids the CRIME attack and zlib memory overhead
+       for my $f (qw(MODE_RELEASE_BUFFERS OP_NO_COMPRESSION)) {
+               my $mode = eval "Net::SSLeay::$f()" or next;
                eval { Net::SSLeay::CTX_set_mode($ctx->{context}, $mode) };
-               warn "W: $@ (setting SSL_MODE_RELEASE_BUFFERS)\n" if $@;
+               warn "W: $@ (setting SSL_$f)\n" if $@;
        }
        $ctx;
 }