From: Cristian Rodríguez <crrodriguez@opensuse.org>
Date: Mon, 12 Nov 2012 15:41:58 +0000 (+0100)
Subject: OpenSSL: Disable SSL/TLS compression
X-Git-Tag: curl-7_28_1~22
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fa1ae0abcde;p=thirdparty%2Fcurl.git

OpenSSL: Disable SSL/TLS compression

It either causes increased memory usage or exposes users
to the "CRIME attack" (CVE-2012-4929)
---

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 7c4c9269ae..92ae2e3e9c 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1501,6 +1501,10 @@ ossl_connect_step1(struct connectdata *conn,
   ctx_options |= SSL_OP_NO_TICKET;
 #endif
 
+#ifdef SSL_OP_NO_COMPRESSION
+  ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
   /* mitigate CVE-2010-4180 */
   ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;