From 773d14e740fadfc13687a3ff78bf8106380a346c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?= <p.janouch@gmail.com>
Date: Mon, 18 Jan 2016 00:44:45 +0100
Subject: [PATCH] degesch: disable TLS compression

---
 degesch.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/degesch.c b/degesch.c
index 1997aea..30af309 100644
--- a/degesch.c
+++ b/degesch.c
@@ -4474,6 +4474,13 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 	// Disable deprecated protocols (see RFC 7568)
 	SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 
+	// This seems to consume considerable amounts of memory while not giving
+	// that much in return; in addition to that, I'm not sure about security
+	// (see RFC 7525, section 3.3)
+#ifdef SSL_OP_NO_COMPRESSION
+	SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_COMPRESSION);
+#endif // SSL_OP_NO_COMPRESSION
+
 	const char *ca_file = get_config_string (s->config, "tls_ca_file");
 	const char *ca_path = get_config_string (s->config, "tls_ca_path");