RT3234: disable compression

CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-02-02 16:26:38 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-02-03 18:08:16 +0100
commit: dc5744cb78da6f2bcafeeefe22c604a51b52dfc5 (patch)
tree: d1b336ac5e71896dcfd4217fc4e9c8ec3fd326a2 /CHANGES
parent: 0c20802c6a6008b28bfb0eac67d69f536edc60a7 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index dd72036dd4..d0d3a2629a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX xxxx]
 
+  *) CRIME protection: disable compression by default, even if OpenSSL is
+     compiled with zlib enabled. Applications can still enable compression
+     by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
+     using the SSL_CONF library to configure compression.
+     [Emilia Käsper]
+
   *) The signature of the session callback configured with
      SSL_CTX_sess_set_get_cb was changed. The read-only input buffer
      was explicitly marked as 'const unsigned char*' instead of
author	Emilia Kasper <emilia@openssl.org>	2016-02-02 16:26:38 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-02-03 18:08:16 +0100
commit	dc5744cb78da6f2bcafeeefe22c604a51b52dfc5 (patch)
tree	d1b336ac5e71896dcfd4217fc4e9c8ec3fd326a2 /CHANGES
parent	0c20802c6a6008b28bfb0eac67d69f536edc60a7 (diff)