diff options
| author | Emilia Kasper <emilia@openssl.org> | 2016-02-02 16:26:38 +0100 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-02-03 18:08:16 +0100 |
| commit | dc5744cb78da6f2bcafeeefe22c604a51b52dfc5 (patch) | |
| tree | d1b336ac5e71896dcfd4217fc4e9c8ec3fd326a2 /apps | |
| parent | Fix pkeyutl/rsautl empty encrypt-input/decrypt-output handling (diff) | |
| download | openssl-dc5744cb78da6f2bcafeeefe22c604a51b52dfc5.tar.xz openssl-dc5744cb78da6f2bcafeeefe22c604a51b52dfc5.zip | |
RT3234: disable compression
CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:
SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.
SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
no-op by default).
The command-line switch has changed from -no_comp to -comp.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/apps.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/apps.h b/apps/apps.h index 93172b5eb0..52e57f8321 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -285,7 +285,7 @@ void wait_for_async(SSL *s); # define OPT_S_ENUM \ OPT_S__FIRST=3000, \ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ - OPT_S_BUGS, OPT_S_NOCOMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \ + OPT_S_BUGS, OPT_S_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ @@ -298,7 +298,7 @@ void wait_for_async(SSL *s); {"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \ {"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \ {"bugs", OPT_S_BUGS, '-' }, \ - {"no_comp", OPT_S_NOCOMP, '-', "Don't use SSL/TLS-level compression" }, \ + {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ {"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \ {"no_ticket", OPT_S_NOTICKET, '-' }, \ {"serverpref", OPT_S_SERVERPREF, '-' }, \ @@ -327,7 +327,7 @@ void wait_for_async(SSL *s); case OPT_S_NOTLS1_1: \ case OPT_S_NOTLS1_2: \ case OPT_S_BUGS: \ - case OPT_S_NOCOMP: \ + case OPT_S_COMP: \ case OPT_S_ECDHSINGLE: \ case OPT_S_NOTICKET: \ case OPT_S_SERVERPREF: \ |