Disable SSL compression.

This commit is contained in:
Jan Vidar Krey 2012-11-01 10:17:17 +01:00
parent 19559f4974
commit ae62c35cb9

View File

@ -105,6 +105,13 @@ struct ssl_context_handle* net_ssl_context_create()
/* Disable SSLv2 */ /* Disable SSLv2 */
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
#ifdef SSL_OP_NO_COMPRESSION
/* Disable compression? */
LOG_TRACE("Disabling SSL compression."); /* "CRIME" attack */
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif
SSL_CTX_set_quiet_shutdown(ctx->ssl_ctx, 1); SSL_CTX_set_quiet_shutdown(ctx->ssl_ctx, 1);
return (struct ssl_context_handle*) ctx; return (struct ssl_context_handle*) ctx;