From ae62c35cb91ced4d0c8dac858a15c06dd7f49847 Mon Sep 17 00:00:00 2001
From: Jan Vidar Krey <janvidar@extatic.org>
Date: Thu, 1 Nov 2012 10:17:17 +0100
Subject: [PATCH] Disable SSL compression.

---
 src/network/openssl.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/network/openssl.c b/src/network/openssl.c
index a0ba466..671d37f 100644
--- a/src/network/openssl.c
+++ b/src/network/openssl.c
@@ -105,6 +105,13 @@ struct ssl_context_handle* net_ssl_context_create()
 
 	/* Disable SSLv2 */
 	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
+
+#ifdef SSL_OP_NO_COMPRESSION
+	/* Disable compression? */
+	LOG_TRACE("Disabling SSL compression."); /* "CRIME" attack */
+	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif
+
 	SSL_CTX_set_quiet_shutdown(ctx->ssl_ctx, 1);
 
 	return (struct ssl_context_handle*) ctx;