OpenSSL: Disable SSL/TLS compression
It either causes increased memory usage or exposes users to the "CRIME attack" (CVE-2012-4929)

committed by
Daniel Stenberg

parent
38ed72cd37
commit
fa1ae0abcd
@@ -1501,6 +1501,10 @@ ossl_connect_step1(struct connectdata *conn,
|
|||||||
ctx_options |= SSL_OP_NO_TICKET;
|
ctx_options |= SSL_OP_NO_TICKET;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef SSL_OP_NO_COMPRESSION
|
||||||
|
ctx_options |= SSL_OP_NO_COMPRESSION;
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
||||||
/* mitigate CVE-2010-4180 */
|
/* mitigate CVE-2010-4180 */
|
||||||
ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
||||||
|
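Review bot: The added `#ifdef SSL_OP_NO_COMPRESSION` block has no comment, unlike the CVE-2010-4180 block directly below it, and it compiles to nothing when the OpenSSL headers do not define the macro. On such builds TLS compression stays negotiable and nothing in the code says so. I would put `/* mitigate CVE-2012-4929 (CRIME): do not negotiate TLS compression */` above the `ctx_options |= SSL_OP_NO_COMPRESSION;` line. If OpenSSL releases without the macro are still supported, an `#else` branch could document the gap or clear the method list with `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());`, bearing in mind that this list is process-wide rather than per-context. ossl_connect_step1 begins and ends outside this hunk, so I am assuming `ctx_options` is later applied to the SSL context as the surrounding lines suggest.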