Make it possible to enable/disable TLS compression
authorEvgeniy Khramtsov <ekhramtsov@process-one.net>
Wed, 17 Jul 2013 12:28:23 +0000 (22:28 +1000)
committerEvgeniy Khramtsov <ekhramtsov@process-one.net>
Wed, 17 Jul 2013 12:46:18 +0000 (22:46 +1000)
doc/guide.tex
src/ejabberd_c2s.erl
src/ejabberd_http.erl
src/ejabberd_s2s_in.erl
src/ejabberd_s2s_out.erl

index 6f110cd961737b079959e8eb62e81c967a920b37..c8e208bbb7a929a837d9af09a066db2e8a1d2470 100644 (file)
@@ -829,10 +829,10 @@ The available modules, their purpose and the options allowed by each one are:
     Options: \texttt{access}, \texttt{certfile}, \texttt{max\_fsm\_queue},
     \texttt{max\_stanza\_size}, \texttt{shaper},
     \texttt{starttls}, \texttt{starttls\_required}, \texttt{tls},
-    \texttt{zlib}
+    \texttt{zlib}, \texttt{tls\_compression}
   \titem{\texttt{ejabberd\_s2s\_in}}
     Handles incoming s2s connections.\\
-    Options: \texttt{max\_stanza\_size}, \texttt{shaper}
+    Options: \texttt{max\_stanza\_size}, \texttt{shaper}, \texttt{tls\_compression}
   \titem{\texttt{ejabberd\_service}}
     Interacts with an \footahref{http://www.ejabberd.im/tutorials-transports}{external component}
     (as defined in the Jabber Component Protocol (\xepref{0114}).\\
@@ -845,7 +845,7 @@ The available modules, their purpose and the options allowed by each one are:
   \titem{\texttt{ejabberd\_http}}
     Handles incoming HTTP connections.\\
     Options: \texttt{captcha}, \texttt{certfile}, \texttt{default\_host}, \texttt{http\_bind}, \texttt{http\_poll},
-    \texttt{request\_handlers}, \texttt{tls}, \texttt{trusted\_proxies}, \texttt{web\_admin}\\
+    \texttt{request\_handlers}, \texttt{tls}, \texttt{tls\_compression}, \texttt{trusted\_proxies}, \texttt{web\_admin}\\
 \end{description}
 
 
@@ -975,6 +975,8 @@ This is a detailed description of each option allowed by the listening modules:
     which can be enabled in \ejabberd{} with the option \term{starttls}.
     If this option is set, you should also set the \option{certfile} option.
     The option \term{tls} can also be used in \term{ejabberd\_http} to support HTTPS.
+  \titem{\{tls\_compression, true|false\}}
+  Whether to enable or disable TLS compression. The default value is \term{true}.
   \titem{\{trusted\_proxies, all | [IpString]\}} \ind{options!trusted\_proxies}
     Specify what proxies are trusted when an HTTP request contains the header \term{X-Forwarded-For}
     You can specify \term{all} to allow all proxies, or specify a list of IPs in string format.
@@ -1019,6 +1021,9 @@ There are some additional global options that can be specified in the ejabberd c
   \titem{\{s2s\_max\_retry\_delay, Seconds\}} \ind{options!s2s\_max\_retry\_delay}
   The maximum allowed delay for retry to connect after a failed connection attempt.
   Specified in seconds. The default value is 300 seconds (5 minutes).
+  \titem{\{s2s\_tls\_compression, true|false\}}
+  Whether to enable or disable TLS compression for s2s connections.
+  The default value is \term{true}.
   \titem{\{max\_fsm\_queue, Size\}}
     This option specifies the maximum number of elements in the queue of the FSM
     (Finite State Machine).
index c7038e6b2c4930957f59e7d09747121cea6b18f7..5e50d9bf9976b4f2d16ed8aef2a8713425c81e5c 100644 (file)
@@ -244,7 +244,11 @@ init([{SockMod, Socket}, Opts]) ->
                                (_) -> false
                            end,
                            Opts),
-    TLSOpts = [verify_none | TLSOpts1],
+    TLSOpts2 = case proplists:get_bool(tls_compression, Opts) of
+                   false -> [compression_none | TLSOpts1];
+                   true -> TLSOpts1
+               end,
+    TLSOpts = [verify_none | TLSOpts2],
     IP = peerip(SockMod, Socket),
     %% Check if IP is blacklisted:
     case is_ip_blacklisted(IP) of
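Review bot: The default when the listener option is absent contradicts the doc/guide.tex hunk in this same commit: `proplists:get_bool(tls_compression, Opts)` returns false for a missing key, so an unconfigured ejabberd_c2s listener gets `compression_none` prepended and compression is disabled by default, while the guide says the default is true. The same pattern appears in the ejabberd_http init hunk and the ejabberd_s2s_in init hunk. Disabled-by-default is the safer choice (TLS compression has been treated as unsafe since the 2012 CRIME attack), so I would correct the documentation rather than the code; if the documented default is what is intended, the lookup would need `proplists:get_value(tls_compression, Opts, true)` or an equivalent that still accepts the bare `tls_compression` atom. Either way a short comment on the case, e.g. `%% tls_compression defaults to false: compression stays off unless explicitly enabled`, would make the intended default visible. init/1 starts and ends outside the hunk.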
index 0af7adc374ba3b571d0f040da9a655bbb8df098c..899d50eb30b3ca0eef5cbb2e6f90c5a9dd051480 100644 (file)
@@ -96,7 +96,11 @@ init({SockMod, Socket}, Opts) ->
                                (_) -> false
                            end,
                            Opts),
-    TLSOpts = [verify_none | TLSOpts1],
+    TLSOpts2 = case proplists:get_bool(tls_compression, Opts) of
+                   false -> [compression_none | TLSOpts1];
+                   true -> TLSOpts1
+               end,
+    TLSOpts = [verify_none | TLSOpts2],
     {SockMod1, Socket1} = if TLSEnabled ->
                                 inet:setopts(Socket, [{recbuf, 8192}]),
                                 {ok, TLSSocket} = p1_tls:tcp_to_tls(Socket,
index 1e8cbee78b87767ac87e775f565464ed8ba9ec81..7692614eac9087c8aa0542afef5a676fe9b6d432 100644 (file)
@@ -171,12 +171,16 @@ init([{SockMod, Socket}, Opts]) ->
             required_trusted ->
                 {true, true, true}
         end,
-    TLSOpts = case ejabberd_config:get_local_option(
+    TLSOpts1 = case ejabberd_config:get_local_option(
                      s2s_certfile,
                      fun iolist_to_binary/1) of
                   undefined -> [];
                   CertFile -> [{certfile, CertFile}]
              end,
+    TLSOpts = case proplists:get_bool(tls_compression, Opts) of
+                  false -> [compression_none | TLSOpts1];
+                  true -> TLSOpts1
+              end,
     Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
     {ok, wait_for_stream,
      #state{socket = Socket, sockmod = SockMod,
@@ -319,7 +323,7 @@ wait_for_feature_request({xmlstreamelement, El},
               SockMod == gen_tcp ->
          ?DEBUG("starttls", []),
          Socket = StateData#state.socket,
-         TLSOpts = case
+         TLSOpts1 = case
                      ejabberd_config:get_local_option(
                         {domain_certfile, StateData#state.server},
                         fun iolist_to_binary/1) of
@@ -328,6 +332,14 @@ wait_for_feature_request({xmlstreamelement, El},
                          [{certfile, CertFile} | lists:keydelete(certfile, 1,
                                                                  StateData#state.tls_options)]
                    end,
+          TLSOpts = case ejabberd_config:get_local_option(
+                           {s2s_tls_compression, StateData#state.server},
+                           fun(true) -> true;
+                              (false) -> false
+                           end, true) of
+                        true -> lists:delete(compression_none, TLSOpts1);
+                        false -> [compression_none | TLSOpts1]
+                    end,
          TLSSocket = (StateData#state.sockmod):starttls(Socket,
                                                         TLSOpts,
                                                         xml:element_to_binary(#xmlel{name
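Review bot: The host-level lookup always overrides the listener-level setting here, because the fallback value `true` makes the `true` branch run `lists:delete(compression_none, TLSOpts1)` whenever `s2s_tls_compression` is not configured, which strips the `compression_none` that init/1 added from the listener's `tls_compression` option (assuming `tls_options` in the state holds the TLSOpts built in init/1, which is outside this hunk). A `{tls_compression, false}` listener option is therefore silently ignored for incoming s2s STARTTLS unless the admin also sets the global option to false. Defaulting the lookup to `undefined` and adding a clause `undefined -> TLSOpts1;` that leaves TLSOpts1 untouched would keep the listener setting in force while still letting an explicit host option override it. wait_for_feature_request/2 starts and ends outside the hunk.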
index 9829b621dd709775b70f85dea93c79bedc5871d0..1aaaa99988af927beeee56dd3a5103b2970e0694 100644 (file)
@@ -183,13 +183,21 @@ init([From, Server, Type]) ->
                               {true, true}
                         end,
     UseV10 = TLS,
-    TLSOpts = case
+    TLSOpts1 = case
                ejabberd_config:get_local_option(
                   s2s_certfile, fun iolist_to_binary/1)
                  of
                undefined -> [connect];
                CertFile -> [{certfile, CertFile}, connect]
              end,
+    TLSOpts = case ejabberd_config:get_local_option(
+                     {s2s_tls_compression, From},
+                     fun(true) -> true;
+                        (false) -> false
+                     end, true) of
+                  false -> [compression_none | TLSOpts1];
+                  true -> TLSOpts1
+              end,
     {New, Verify} = case Type of
                      {new, Key} -> {Key, false};
                      {verify, Pid, Key, SID} ->
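Review bot: The fallback value `true` in the `ejabberd_config:get_local_option` call enables TLS compression on every outgoing s2s connection unless the administrator explicitly opts out. TLS compression has been treated as unsafe since the 2012 CRIME attack, so a default of `false` here (with the guide text and the ejabberd_s2s_in STARTTLS hunk changed to match) is the more defensible default for a newly introduced option. The validator `fun(true) -> true; (false) -> false end` is duplicated verbatim in ejabberd_s2s_in; a small shared helper would avoid the copy, though as written it behaves correctly. init/1 continues outside the hunk.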