diff options
author | Emilia Kasper <emilia@openssl.org> | 2016-02-02 16:26:38 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2016-02-03 18:08:16 +0100 |
commit | dc5744cb78da6f2bcafeeefe22c604a51b52dfc5 (patch) | |
tree | d1b336ac5e71896dcfd4217fc4e9c8ec3fd326a2 /util/TLSProxy | |
parent | 0c20802c6a6008b28bfb0eac67d69f536edc60a7 (diff) | |
download | openssl-dc5744cb78da6f2bcafeeefe22c604a51b52dfc5.tar.gz |
RT3234: disable compression
CRIME protection: disable compression by default, even if OpenSSL is
compiled with zlib enabled. Applications can still enable compression by
calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
the SSL_CONF library to configure compression. SSL_CONF continues to
work as before:
SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.
SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
no-op by default).
The command-line switch has changed from -no_comp to -comp.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'util/TLSProxy')
-rw-r--r-- | util/TLSProxy/Proxy.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index 0abd312462..8d18dcc7c1 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -142,7 +142,7 @@ sub start or die "Failed to redirect stdout"; open(STDERR, ">&STDOUT"); my $execcmd = $self->execute - ." s_server -no_comp -rev -engine ossltest -accept " + ." s_server -rev -engine ossltest -accept " .($self->server_port) ." -cert ".$self->cert." -naccept ".$self->serverconnects; if ($self->ciphers ne "") { |