[glib-networking: 91/129] Disable TLS compression



commit 7cebad9fb7e5bde52c7efec543e8ac9999ab8e8a
Author: Joakim Tosteberg <joakim tosteberg zenterio com>
Date:   Fri Jan 12 14:46:49 2018 +0100

    Disable TLS compression
    
    TLS compression is insecure and should not be used, so make sure it is
    disabled.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=792604

 tls/openssl/gtlsclientconnection-openssl.c | 1 +
 tls/openssl/gtlsserverconnection-openssl.c | 1 +
 2 files changed, 2 insertions(+)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 428cdf4..6592ead 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -456,6 +456,7 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
 
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_COMPRESSION |
             SSL_OP_NO_SSLv2 |
             SSL_OP_NO_SSLv3 |
             SSL_OP_NO_TLSv1 |
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index a4d7448..d77f9b5 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -261,6 +261,7 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
 
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
+            SSL_OP_NO_COMPRESSION |
             SSL_OP_CIPHER_SERVER_PREFERENCE |
             SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
             SSL_OP_SINGLE_ECDH_USE |


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]