Check out the flag SSL_OP_NO_COMPRESSION in combination with the SSL_set_options() API.
(In the sample app apps/s_client.c it is used in conjunction with SSL_CTX_set_options(), but AFAIK you can also use it with SSL_set_options() without any problem.)

Ger

PS: since it sounds like you have a server doing this (as you hint at using fixed ports and client-side fixed ports are *quite* rare), you might also consider creating two 'contexts', i.e. one SSL_CTX with and one SSL_CTX without compression (done by calling SSL_CTX_set_options() on each of 'em with the desired flag set), where each context is then used to create all the SSL connections (and their SSL data structures) for a particular port X or Y. After all, both those ports seem to service SSL, but with different 'configurations' and that's what SSL_CTX is for: having multiple configurations ('contexts') available at run time. This is useful when you want to have different capabilities of different sets of SSL connections: supported compression, protocols, algorithms, etc.

PPS: your comp_method NULLing doesn't work out, because SSL expects at least a 'nil' compression method (i.e. a properly initialized comp_method stack); that means you'd have an empty comp_method stack at least (comp_method != NULL). Which is different from a non-existing / uninitialized comp_method stack: comp_method = NULL.

On Mon, Feb 23, 2009 at 10:03 AM, wwwclaes <tillcl...@hotmail.com> wrote:
>
> Hi, I have enabled ZLIB compression for my application. However, I want
> connections on port X to be SSL and on port Y to be SSL + ZLIB compression
> (the latter may be used over 3G connections).
>
> I have read that OpenSSL doesn't really handle this, it's all or nothing -
> but I've anyhow tried to find a workaround for it. After...
>
> ctx = SSL_CTX_new(meth);
>
> ...I do...
>
> ctx->comp_methods = NULL;
>
> ...in case of port X. It seems to almost work ;-) On my machine (Ubuntu), it
> works out just fine. But on our production server (RedHat) there is a
> segmentation fault in...
>
> EVP_DigestFinal_ex(...)
> ret=ctx->digest->final(ctx,md);
> ssl3_get_message(...)
>
> ...because digest is NULL. This only happens when I've nulled the
> comp_methods, so it is not working as planned. I think this might be
> because...
>
> load_builtin_compressions() is called from ssl_cipher_get_evp() which is
> called from ssl3_setup_key_block
>
> ...which reverts my NULL:ing somewhere in the handshake and messes things
> up.
>
> Enough of technical details for now. Has anyone been able to do per-session
> configuration of ZLIB compression or do you have any ideas how it can be
> achieved? It would be a nice thing to have, if not I have to use ZLIB above
> the OpenSSL layer.
>
> Thanks,
> Claes
> --
> View this message in context:
> http://www.nabble.com/ZLIB-compression-on-and-off-tp22101041p22101041.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>

--
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web: http://www.hobbelt.com/
     http://www.hebbut.net/
mail: g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
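
The two-context setup suggested in the reply above, as an added example that is not part of the original thread: it uses Python's ssl module, whose SSLContext wraps an OpenSSL SSL_CTX and whose options attribute maps onto SSL_CTX_set_options() and SSL_CTX_clear_options(), rather than the C API itself. The port numbers and all function names are assumptions made for the illustration.

```python
import ssl

# Assumed port numbers standing in for the thread's "port X" and "port Y".
PORT_PLAIN = 8443       # SSL without compression
PORT_COMPRESSED = 8444  # SSL + ZLIB compression


def make_context(allow_compression: bool) -> ssl.SSLContext:
    """Build one server-side context (an OpenSSL SSL_CTX) per configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if allow_compression:
        # Current Python sets OP_NO_COMPRESSION on every new context, so the
        # compressed port has to clear the flag explicitly.
        ctx.options &= ~ssl.OP_NO_COMPRESSION
    else:
        ctx.options |= ssl.OP_NO_COMPRESSION
    # A real server would also load its certificate with ctx.load_cert_chain().
    return ctx


# One context per listening port, created once at start-up.
CONTEXTS = {
    PORT_PLAIN: make_context(allow_compression=False),
    PORT_COMPRESSED: make_context(allow_compression=True),
}


def context_for_port(port: int) -> ssl.SSLContext:
    """Pick the configuration for a listening port; unknown ports are refused."""
    try:
        return CONTEXTS[port]
    except KeyError:
        raise ValueError(f"no TLS configuration for port {port}") from None


def new_connection(port: int) -> ssl.SSLObject:
    """Create a not-yet-handshaken connection object from the port's context."""
    ctx = context_for_port(port)
    return ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(), server_side=True)


def compression_allowed(conn: ssl.SSLObject) -> bool:
    """True if the connection's context leaves TLS compression negotiable."""
    return not (conn.context.options & ssl.OP_NO_COMPRESSION)


if __name__ == "__main__":
    for port in (PORT_PLAIN, PORT_COMPRESSED):
        print(port, "compression allowed:", compression_allowed(new_connection(port)))
```

Clearing the flag only makes compression negotiable: it is used only if the OpenSSL build includes zlib support and the negotiated protocol is below TLS 1.3, which has no compression.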