[glib-openssl] Disable TLS compression



commit 7cebad9fb7e5bde52c7efec543e8ac9999ab8e8a
Author: Joakim Tosteberg <joakim tosteberg zenterio com>
Date:   Fri Jan 12 14:46:49 2018 +0100

    Disable TLS compression
    
    TLS compression is insecure and should not be used, so make sure it is
    disabled.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=792604

 tls/openssl/gtlsclientconnection-openssl.c |    1 +
 tls/openssl/gtlsserverconnection-openssl.c |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 428cdf4..6592ead 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -456,6 +456,7 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
 
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_COMPRESSION |
             SSL_OP_NO_SSLv2 |
             SSL_OP_NO_SSLv3 |
             SSL_OP_NO_TLSv1 |
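Review bot: The comment `/* Only TLS 1.2 or higher */` above the mask no longer describes everything the mask does, and the reason for `SSL_OP_NO_COMPRESSION` is recorded only in the commit message; the server hunk in gtlsserverconnection-openssl.c has the same gap. I would add a line next to the flag in both files, for example `/* No TLS-level compression: record length would leak plaintext (CRIME-style side channel) */`, so a later cleanup does not drop the flag as redundant. The rest of the `options` expression and the call that applies it lie outside this hunk, so I am assuming the mask reaches the SSL context unchanged.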
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index a4d7448..d77f9b5 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -261,6 +261,7 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
 
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_COMPRESSION |
             SSL_OP_CIPHER_SERVER_PREFERENCE |
             SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
             SSL_OP_SINGLE_ECDH_USE |
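Review bot: Nothing in this change checks that compression is actually off once a handshake completes, so a later edit to the `options` mask here or in the client file could lose the flag without any test noticing. A test-side assertion on an established connection, such as `g_assert_null (SSL_get_current_compression (ssl));`, would pin the behaviour for both the client and the server side. How the tests would reach the underlying `SSL *` is not visible from this hunk, and the body of the init function continues beyond it.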

