small patch to disable openssl compression

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi - This patch disables openssl compression - not sure if this is a
security risk or not... but, I don't think I like the encryption library
performing compression anyway, it's complicated already. Maybe.

Chris


diff -rupN cyrus-imapd-2.4.17/imap/tls.c cyrus-imapd-2.4.17.f/imap/tls.c
--- cyrus-imapd-2.4.17/imap/tls.c	2012-12-01 19:57:54.000000000 +0000
+++ cyrus-imapd-2.4.17.f/imap/tls.c	2013-01-18 15:27:58.000000000 +0000
@@ -667,6 +667,11 @@ int     tls_init_serverengine(const char
 	off |= SSL_OP_NO_SSLv3;
     }
     SSL_CTX_set_options(s_ctx, off);
+
+#ifdef SSL_OP_NO_COMPRESSION
+    SSL_CTX_set_options(s_ctx, SSL_OP_NO_COMPRESSION);
+#endif
+
     SSL_CTX_set_info_callback(s_ctx, (void (*)())
apps_ssl_info_callback);
 
     /* Don't use an internal session cache */


----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux