git.librecmc.org Git - oweals/openssl.git/commit

author	Emilia Kasper <emilia@openssl.org>
	Tue, 2 Feb 2016 15:26:38 +0000 (16:26 +0100)
committer	Emilia Kasper <emilia@openssl.org>
	Wed, 3 Feb 2016 17:08:16 +0000 (18:08 +0100)
commit	dc5744cb78da6f2bcafeeefe22c604a51b52dfc5
tree	d1b336ac5e71896dcfd4217fc4e9c8ec3fd326a2	tree \| snapshot
parent	0c20802c6a6008b28bfb0eac67d69f536edc60a7	commit \| diff

RT3234: disable compression

CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:

SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.

SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
no-op by default).

The command-line switch has changed from -no_comp to -comp.

Reviewed-by: Rich Salz <rsalz@openssl.org>

CHANGES		diff \| blob \| history
apps/apps.h		diff \| blob \| history
doc/ssl/SSL_CONF_cmd.pod		diff \| blob \| history
ssl/ssl_conf.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
util/TLSProxy/Proxy.pm		diff \| blob \| history