On Tue, Oct 23, 2012, Tomas Hoger wrote: > On Thu, 18 Oct 2012 23:55:41 +0200 Andrey Kulikov wrote: > > > > OpenSSL enables zlib by default. > > > > Could you please advice for what version and platform this is true? > > > > openssl-1.0.1c for linux-elf > > has no-zlib configured by default. > > Sorry, I asked the wrong way. OpenSSL, when compiled with zlib > support, enables deflate (id 1) compression by default. I was > wondering if this should stay as is or should change to disabled by > default even when zlib support is compiled in (i.e. compression will > only get used when explicitly enabled by an application using the > library). The change would render SSL_OP_NO_COMPRESSION meaningless > and possibly want a new option for doing the opposite. >
There isn't any room in the "options" field for new options, so that's tricky. An alternative would be to set SSL_OP_NO_COMPRESSION by default and require applications that need compression support to explicilty clear it with SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION); Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
