Ouch. We were sometimes getting openssl compression by default. This is pointless...
authorNick Mathewson <nickm@torproject.org>
Thu, 29 May 2008 14:39:56 +0000 (14:39 +0000)
committerNick Mathewson <nickm@torproject.org>
Thu, 29 May 2008 14:39:56 +0000 (14:39 +0000)
svn:r14830

ChangeLog
src/common/tortls.c

index cfe5e3b0069946c048f34e4e997e0a87df0e3234..47faaaa3b5e18f6990d87589a32efd9c3f0a4b74 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -107,6 +107,9 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
     - New configure/torrc options (--enable-geoip-stats,
       DirRecordUsageByCountry) to record how many IPs we've served directory
       info to in each country code.
+    - Never use OpenSSL compression: it wastes RAM and CPU trying to
+      compress cells, which are basically all encrypted, compressed, or
+      both.
 
   o Minor features (security):
     - Reject requests for reverse-dns lookup of names in a private
index b931176973a480bc6e6df738cf90ff7e236cf7cf..752ff6f8f877cea6b61806629d133ba571268b7e 100644 (file)
@@ -564,6 +564,10 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 #endif
   SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
+  /* Don't actually allow compression; it uses ram and time, but the data
+   * we transmit is all encrypted anyway. */
+  if (result->ctx->comp_methods)
+    result->ctx->comp_methods = NULL;
 #ifdef SSL_MODE_RELEASE_BUFFERS
   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif
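Review bot: The added assignment to `result->ctx->comp_methods` writes a private field of SSL_CTX instead of using a public option, so it depends on OpenSSL's struct layout and on how the library consumes that field internally. Where the library defines it, prefer the supported flag, guarded the same way this hunk already guards SSL_MODE_RELEASE_BUFFERS: `#ifdef SSL_OP_NO_COMPRESSION` / `SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);` / `#endif`, keeping the field write only as the fallback for older libraries. The `if` test is redundant, since assigning NULL unconditionally has the same effect. The comment could also note that compressing before encryption lets ciphertext length reveal information about the plaintext, so disabling it is a security property as well as a RAM and CPU saving. tor_tls_context_new starts and ends outside the hunk, so I can't tell whether a later call re-enables compression.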