Restore -no_comp switch for backwards compatible behaviour
Reviewed-by: Emilia Käsper <emilia@openssl.org>
@@ -285,11 +285,11 @@ void wait_for_async(SSL *s);
|
|||||||
# define OPT_S_ENUM \
|
# define OPT_S_ENUM \
|
||||||
OPT_S__FIRST=3000, \
|
OPT_S__FIRST=3000, \
|
||||||
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
|
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
|
||||||
OPT_S_BUGS, OPT_S_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
|
OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
|
||||||
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
|
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
|
||||||
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
|
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
|
||||||
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
|
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
|
||||||
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
|
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \
|
||||||
OPT_S__LAST
|
OPT_S__LAST
|
||||||
|
|
||||||
# define OPT_S_OPTIONS \
|
# define OPT_S_OPTIONS \
|
||||||
@@ -298,6 +298,7 @@ void wait_for_async(SSL *s);
|
|||||||
{"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
|
{"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
|
||||||
{"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
|
{"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
|
||||||
{"bugs", OPT_S_BUGS, '-' }, \
|
{"bugs", OPT_S_BUGS, '-' }, \
|
||||||
|
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
|
||||||
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
|
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
|
||||||
{"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
|
{"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
|
||||||
{"no_ticket", OPT_S_NOTICKET, '-' }, \
|
{"no_ticket", OPT_S_NOTICKET, '-' }, \
|
||||||
@@ -327,6 +328,7 @@ void wait_for_async(SSL *s);
|
|||||||
case OPT_S_NOTLS1_1: \
|
case OPT_S_NOTLS1_1: \
|
||||||
case OPT_S_NOTLS1_2: \
|
case OPT_S_NOTLS1_2: \
|
||||||
case OPT_S_BUGS: \
|
case OPT_S_BUGS: \
|
||||||
|
case OPT_S_NO_COMP: \
|
||||||
case OPT_S_COMP: \
|
case OPT_S_COMP: \
|
||||||
case OPT_S_ECDHSINGLE: \
|
case OPT_S_ECDHSINGLE: \
|
||||||
case OPT_S_NOTICKET: \
|
case OPT_S_NOTICKET: \
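Review bot: The added `case OPT_S_NO_COMP:` label sits directly above `case OPT_S_COMP:` and shares its body, so both switches are accepted on one command line, and nothing in these hunks says which one takes effect. The shared case body and the code that applies the collected switches are outside the hunk, so the ordering rule cannot be confirmed from here. Since the pair controls whether TLS compression is negotiated, a stray `-comp` later in a script could undo an earlier `-no_comp` unnoticed. I would state the rule next to the labels, for example `/* -comp and -no_comp toggle the same option; the later switch is expected to win (confirm) */ \`. Separately, `OPT_S_COMP` now sits at the end of `OPT_S_ENUM` after `OPT_S_DEBUGBROKE`, while the option table keeps the two entries adjacent; keeping them adjacent in the enum as well would read more consistently.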
|
||||||
|
@@ -71,6 +71,8 @@ B<openssl> B<s_client>
|
|||||||
[B<-fallback_scsv>]
|
[B<-fallback_scsv>]
|
||||||
[B<-async>]
|
[B<-async>]
|
||||||
[B<-bugs>]
|
[B<-bugs>]
|
||||||
|
[B<-comp>]
|
||||||
|
[B<-no_comp>]
|
||||||
[B<-cipher cipherlist>]
|
[B<-cipher cipherlist>]
|
||||||
[B<-serverpref>]
|
[B<-serverpref>]
|
||||||
[B<-starttls protocol>]
|
[B<-starttls protocol>]
|
||||||
@@ -326,6 +328,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine
|
|||||||
there are several known bug in SSL and TLS implementations. Adding this
|
there are several known bug in SSL and TLS implementations. Adding this
|
||||||
option enables various workarounds.
|
option enables various workarounds.
|
||||||
|
|
||||||
|
=item B<-comp>
|
||||||
|
|
||||||
|
Enables support for SSL/TLS compression.
|
||||||
|
This option was introduced in OpenSSL 1.1.0.
|
||||||
|
TLS compression is not recommended and is off by default as of
|
||||||
|
OpenSSL 1.1.0.
|
||||||
|
|
||||||
|
=item B<-no_comp>
|
||||||
|
|
||||||
|
Disables support for SSL/TLS compression.
|
||||||
|
TLS compression is not recommended and is off by default as of
|
||||||
|
OpenSSL 1.1.0.
|
||||||
|
|
||||||
=item B<-brief>
|
=item B<-brief>
|
||||||
|
|
||||||
only provide a brief summary of connection parameters instead of the
|
only provide a brief summary of connection parameters instead of the
|
||||||
|
@@ -77,6 +77,8 @@ B<openssl> B<s_server>
|
|||||||
[B<-no_tls1>]
|
[B<-no_tls1>]
|
||||||
[B<-no_dhe>]
|
[B<-no_dhe>]
|
||||||
[B<-bugs>]
|
[B<-bugs>]
|
||||||
|
[B<-comp>]
|
||||||
|
[B<-no_comp>]
|
||||||
[B<-brief>]
|
[B<-brief>]
|
||||||
[B<-www>]
|
[B<-www>]
|
||||||
[B<-WWW>]
|
[B<-WWW>]
|
||||||
@@ -313,6 +315,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine
|
|||||||
there are several known bug in SSL and TLS implementations. Adding this
|
there are several known bug in SSL and TLS implementations. Adding this
|
||||||
option enables various workarounds.
|
option enables various workarounds.
|
||||||
|
|
||||||
|
=item B<-comp>
|
||||||
|
|
||||||
|
Enable negotiation of TLS compression.
|
||||||
|
This option was introduced in OpenSSL 1.1.0.
|
||||||
|
TLS compression is not recommended and is off by default as of
|
||||||
|
OpenSSL 1.1.0.
|
||||||
|
|
||||||
|
=item B<-no_comp>
|
||||||
|
|
||||||
|
Disable negotiation of TLS compression.
|
||||||
|
TLS compression is not recommended and is off by default as of
|
||||||
|
OpenSSL 1.1.0.
|
||||||
|
|
||||||
=item B<-brief>
|
=item B<-brief>
|
||||||
|
|
||||||
only provide a brief summary of connection parameters instead of the
|
only provide a brief summary of connection parameters instead of the
|
||||||
|
@@ -133,7 +133,16 @@ Various bug workarounds are set, same as setting B<SSL_OP_ALL>.
|
|||||||
|
|
||||||
=item B<-comp>
|
=item B<-comp>
|
||||||
|
|
||||||
Enables support for SSL/TLS compression, same as clearing B<SSL_OP_NO_COMPRESSION>.
|
Enables support for SSL/TLS compression, same as clearing
|
||||||
|
B<SSL_OP_NO_COMPRESSION>.
|
||||||
|
This command was introduced in OpenSSL 1.1.0.
|
||||||
|
As of OpenSSL 1.1.0, compression is off by default.
|
||||||
|
|
||||||
|
=item B<-no_comp>
|
||||||
|
|
||||||
|
Disables support for SSL/TLS compression, same as setting
|
||||||
|
B<SSL_OP_NO_COMPRESSION>.
|
||||||
|
As of OpenSSL 1.1.0, compression is off by default.
|
||||||
|
|
||||||
=item B<-no_ticket>
|
=item B<-no_ticket>
|
||||||
|
|
||||||
|
@@ -581,6 +581,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
|
|||||||
SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
|
SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
|
||||||
SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
|
SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
|
||||||
SSL_CONF_CMD_SWITCH("bugs", 0),
|
SSL_CONF_CMD_SWITCH("bugs", 0),
|
||||||
|
SSL_CONF_CMD_SWITCH("no_comp", 0),
|
||||||
SSL_CONF_CMD_SWITCH("comp", 0),
|
SSL_CONF_CMD_SWITCH("comp", 0),
|
||||||
SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
|
SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
|
||||||
SSL_CONF_CMD_SWITCH("no_ticket", 0),
|
SSL_CONF_CMD_SWITCH("no_ticket", 0),
|
||||||
@@ -640,7 +641,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
|
|||||||
{SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */
|
{SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */
|
||||||
{SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
|
{SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */
|
||||||
{SSL_OP_ALL, 0}, /* bugs */
|
{SSL_OP_ALL, 0}, /* bugs */
|
||||||
{SSL_OP_NO_COMPRESSION, 1}, /* comp */
|
{SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
|
||||||
|
{SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
|
||||||
{SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
|
{SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
|
||||||
{SSL_OP_NO_TICKET, 0}, /* no_ticket */
|
{SSL_OP_NO_TICKET, 0}, /* no_ticket */
|
||||||
{SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
|
{SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
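Review bot: The new `{SSL_OP_NO_COMPRESSION, 0}, /* no_comp */` row appears to be tied to `SSL_CONF_CMD_SWITCH("no_comp", 0)` only by its position in the array; the trailing comment is the sole link between the two tables. The two rows differ only in `SSL_TFLAG_INV`, so a row inserted at the wrong index in either table would silently invert or reassign the compression switch without any compile-time signal. Both arrays start and end outside these hunks, so the lookup cannot be confirmed from here. I would add a comment above `ssl_cmd_switches[]` such as `/* Rows must stay in the same order as the SSL_CONF_CMD_SWITCH entries in ssl_conf_cmds[] */`. A regression test should also assert that `no_comp` sets `SSL_OP_NO_COMPRESSION` and `comp` clears it.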
|
||||||
|
@@ -183,7 +183,7 @@ sub start
|
|||||||
or die "Failed to redirect stdout: $!";
|
or die "Failed to redirect stdout: $!";
|
||||||
open(STDERR, ">&STDOUT");
|
open(STDERR, ">&STDOUT");
|
||||||
my $execcmd = $self->execute
|
my $execcmd = $self->execute
|
||||||
." s_server -rev -engine ossltest -accept "
|
." s_server -no_comp -rev -engine ossltest -accept "
|
||||||
.($self->server_port)
|
.($self->server_port)
|
||||||
." -cert ".$self->cert." -naccept ".$self->serverconnects;
|
." -cert ".$self->cert." -naccept ".$self->serverconnects;
|
||||||
if ($self->ciphers ne "") {
|
if ($self->ciphers ne "") {
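Review bot: The `-no_comp` switch added to the `s_server` command line has no comment explaining why the test proxy needs it. The documentation changed in this same commit says compression is already off by default, so a reader cannot tell whether the flag is required by the proxy or merely exercises the restored option. A one-line comment above the assignment would settle it, for example `# -no_comp: keep records uncompressed for the proxy (confirm the reason)`. The `start` sub begins and ends outside this hunk.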
|
||||||
|