From: Cristian Rodríguez <crrodriguez@opensuse.org>
Date: Mon, 12 Nov 2012 15:41:58 +0000 (+0100)
Subject: OpenSSL: Disable SSL/TLS compression
X-Git-Tag: curl-7_28_1~22
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fa1ae0abcde;p=curl

OpenSSL: Disable SSL/TLS compression

It either causes increased memory usage or exposes users
to the "CRIME attack" (CVE-2012-4929)
---

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 7c4c9269a..92ae2e3e9 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1501,6 +1501,10 @@ ossl_connect_step1(struct connectdata *conn,
   ctx_options |= SSL_OP_NO_TICKET;
 #endif
 
+#ifdef SSL_OP_NO_COMPRESSION
+  ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
   /* mitigate CVE-2010-4180 */
   ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;