diff options
| author | Emilia Kasper <emilia@openssl.org> | 2016-02-02 16:26:38 +0100 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-02-03 18:08:16 +0100 |
| commit | dc5744cb78da6f2bcafeeefe22c604a51b52dfc5 (patch) | |
| tree | d1b336ac5e71896dcfd4217fc4e9c8ec3fd326a2 /doc | |
| parent | 0c20802c6a6008b28bfb0eac67d69f536edc60a7 (diff) | |
| download | openssl-dc5744cb78da6f2bcafeeefe22c604a51b52dfc5.tar.gz | |
RT3234: disable compression
CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:
SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.
SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
no-op by default).
The command-line switch has changed from -no_comp to -comp.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ssl/SSL_CONF_cmd.pod | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index a74117df0d..6947865318 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -131,9 +131,9 @@ These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>. Various bug workarounds are set, same as setting B<SSL_OP_ALL>. -=item B<-no_comp> +=item B<-comp> -Disables support for SSL/TLS compression, same as setting B<SSL_OP_NO_COMPRESS>. +Enables support for SSL/TLS compression, same as clearing B<SSL_OP_NO_COMPRESSION>. =item B<-no_ticket> @@ -495,6 +495,10 @@ Disable TLS session tickets: SSL_CONF_cmd(ctx, "Options", "-SessionTicket"); +Enable compression: + + SSL_CONF_cmd(ctx, "Options", "Compression"); + Set supported curves to P-256, P-384: SSL_CONF_cmd(ctx, "Curves", "P-256:P-384"); |