degesch: disable TLS compression

Přemysl Eric Janouch 2016-01-18 00:44:45 +01:00
parent 221ae03b5c
commit 773d14e740
1 changed files with 7 additions and 0 deletions


@ -4474,6 +4474,13 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
// Disable deprecated protocols (see RFC 7568) // Disable deprecated protocols (see RFC 7568)
SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
// This seems to consume considerable amounts of memory while not giving
// that much in return; in addition to that, I'm not sure about security
// (see RFC 7525, section 3.3)
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_COMPRESSION);
#endif // SSL_OP_NO_COMPRESSION
const char *ca_file = get_config_string (s->config, "tls_ca_file"); const char *ca_file = get_config_string (s->config, "tls_ca_file");
const char *ca_path = get_config_string (s->config, "tls_ca_path"); const char *ca_path = get_config_string (s->config, "tls_ca_path");
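Review bot: On a build where `SSL_OP_NO_COMPRESSION` is not defined, the `#ifdef` block added to transport_tls_init_ctx compiles to nothing, so TLS-level compression stays enabled with no diagnostic. An `#else` branch could either fail the build with `#warning`/`#error` or clear the library's compression method list, e.g. `sk_SSL_COMP_zero (SSL_COMP_get_compression_methods ());`, which is the usual fallback for OpenSSL versions that predate the option; this should be checked against the versions the project supports. The comment could also state the security reason plainly instead of "I'm not sure about security", for example `// RFC 7525, section 3.3 recommends disabling TLS-level compression (compression side channels such as CRIME); it also saves memory`. The function body starts and continues outside the hunk.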