> Hi - This patch disables openssl compression - not sure if this is a > security risk or not... but, I don't think I like the encryption library > performing compression anyway, it's complicated already. Maybe. Just FYI, with latest RHEL5+6 openssl now disables compression by default. I guess the end result for cyrus is the same like with your patch? Maybe other distributions do the same. Simon > > Chris > > > diff -rupN cyrus-imapd-2.4.17/imap/tls.c cyrus-imapd-2.4.17.f/imap/tls.c > --- cyrus-imapd-2.4.17/imap/tls.c 2012-12-01 19:57:54.000000000 +0000 > +++ cyrus-imapd-2.4.17.f/imap/tls.c 2013-01-18 15:27:58.000000000 +0000 > @@ -667,6 +667,11 @@ int tls_init_serverengine(const char > off |= SSL_OP_NO_SSLv3; > } > SSL_CTX_set_options(s_ctx, off); > + > +#ifdef SSL_OP_NO_COMPRESSION > + SSL_CTX_set_options(s_ctx, SSL_OP_NO_COMPRESSION); > +#endif > + > SSL_CTX_set_info_callback(s_ctx, (void (*)()) > apps_ssl_info_callback); > > /* Don't use an internal session cache */ > > > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
