[glib-networking: 91/129] Disable TLS compression
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking: 91/129] Disable TLS compression
- Date: Sat, 2 Feb 2019 22:51:02 +0000 (UTC)
commit 7cebad9fb7e5bde52c7efec543e8ac9999ab8e8a
Author: Joakim Tosteberg <joakim tosteberg zenterio com>
Date: Fri Jan 12 14:46:49 2018 +0100
Disable TLS compression
TLS compression is insecure and should not be used, so make sure it is
disabled.
https://bugzilla.gnome.org/show_bug.cgi?id=792604
tls/openssl/gtlsclientconnection-openssl.c | 1 +
tls/openssl/gtlsserverconnection-openssl.c | 1 +
2 files changed, 2 insertions(+)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 428cdf4..6592ead 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -456,6 +456,7 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
+ SSL_OP_NO_COMPRESSION |
SSL_OP_NO_SSLv2 |
SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1 |
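Review bot: the comment "/* Only TLS 1.2 or higher */" directly above the client `options =` assignment no longer describes the whole flag set, since SSL_OP_NO_COMPRESSION (like SSL_OP_NO_TICKET) has nothing to do with protocol version. Suggest extending that comment, or adding one on the new line, to record why compression is turned off: compressing before encrypting lets ciphertext length leak information about the plaintext, which is the basis of the CRIME attack. The commit message only says "insecure", so the reason is otherwise lost to anyone reading the code.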
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index a4d7448..d77f9b5 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -261,6 +261,7 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
+ SSL_OP_NO_COMPRESSION |
SSL_OP_CIPHER_SERVER_PREFERENCE |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
SSL_OP_SINGLE_ECDH_USE |
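Review bot: the SSL_OP_NO_COMPRESSION line in the server `options` set is the same one-line addition made in the client file, so the hardening baseline shared by both sides (SSL_OP_NO_TICKET, SSL_OP_NO_COMPRESSION) is now maintained in two places. Consider defining those common flags once and OR-ing in the client-only or server-only flags at each site, so a later hardening option cannot be added on one side and missed on the other. The diffstat also shows only the two one-line insertions and no test change; a test asserting that no compression method is negotiated on an established connection would guard against a regression.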