Dear all,

both s_client and s_server support the -no_comp option to disable SSL/TLS-level compression. This is quite handy for testing but it's not listed in the man pages.
The attached patch adds -no_comp to the man pages and usage outputs.

Best regards,
Martin
commit 49fe292fd260a2876a7f7c2f7e4539a060d31e2e Author: Martin Kaiser <[email protected]> Date: Sat Dec 20 16:04:52 2014 +0100 document the -no_comp command line option in s_client and s_server diff --git a/apps/s_client.c b/apps/s_client.c index 30ea743..cc1b8b5 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -341,6 +341,7 @@ static void sc_usage(void) BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3 - turn off that protocol\n"); + BIO_printf(bio_err," -no_comp - Don't use SSL/TLS-level compression\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err," command to see what is available\n"); diff --git a/apps/s_server.c b/apps/s_server.c index 1e40769..ecd78d8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -520,6 +520,7 @@ static void sv_usage(void) #ifndef OPENSSL_NO_ECDH BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); #endif + BIO_printf(bio_err, "-no_comp - Don't offer SSL/TLS-level compression\n"); BIO_printf(bio_err, "-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n"); BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err," -hack - workaround for early Netscape code\n"); diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 17308b4..cf63237 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -64,6 +64,7 @@ B<openssl> B<s_client> [B<-no_tls1>] [B<-no_tls1_1>] [B<-no_tls1_2>] +[B<-no_comp>] [B<-fallback_scsv>] [B<-bugs>] [B<-cipher cipherlist>] 
@@ -256,6 +257,10 @@ Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off. +=item B<-no_comp> + +Don't use SSL/TLS-level compression. + =item B<-fallback_scsv> Send TLS_FALLBACK_SCSV in the ClientHello. diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 1cc965f..8b78266 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -70,6 +70,7 @@ B<openssl> B<s_server> [B<-no_tls1>] [B<-no_dhe>] [B<-no_ecdhe>] +[B<-no_comp>] [B<-bugs>] [B<-brief>] [B<-hack>] @@ -283,6 +284,10 @@ these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate. +=item B<-no_comp> + +Don't offer SSL/TLS-level compression. + =item B<-bugs> there are several known bug in SSL and TLS implementations. Adding this
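Review bot: in the sv_usage() hunk of apps/s_server.c the added string starts directly with the option name (`bio_err, "-no_comp - Don't offer ...`), while the -no_ecdhe, -bugs and -hack lines around it start the string with a space (`bio_err," -bugs - ...`). Only the -no_resume_ephemeral line below shares the new form, so the usage output gets a second option line that is out of alignment with the rest. Start the string with `" -no_comp` and drop the space after the comma, as the s_client.c hunk already does.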
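Review bot: the server-side wording "Don't offer SSL/TLS-level compression" (apps/s_server.c usage line and the =item in doc/apps/s_server.pod) describes the client's role, not the server's. In the handshake the client lists compression methods in the ClientHello and the server picks one, so "offer" fits s_client and something like "Don't select SSL/TLS-level compression, even if the client offers it" fits s_server. As submitted, s_client says "Don't use" and s_server says "Don't offer", which reads the wrong way round for anyone using the two tools to test what a peer negotiates.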
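Review bot: the new `=item B<-no_comp>` entries in doc/apps/s_client.pod and doc/apps/s_server.pod are a single sentence and do not say what happens when the option is absent. The neighbouring -fallback_scsv item states what is sent on the wire; the same level of detail here would help, for example a sentence saying whether compression is negotiated by default, so that a reader testing a peer knows which baseline the option changes.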
