On Fri, Dec 28, 2012, Jeffrey Walton wrote:

> On Fri, Dec 28, 2012 at 3:23 PM, Michael Mueller <abaci....@gmail.com> wrote:
> > I was going to do this:
> >
> > SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
> Yeah, it looks like that's the option. I would prefer to remove the
> code paths altogether though.
>
> If the code path does not exist, it cannot be executed.
>

Unless OpenSSL has been built with the zlib or zlib-dynamic option it won't use zlib. Since that's the only compression method standardised for SSL/TLS it effectively disables compression for SSL/TLS as a side effect as there are no compression methods available.

If you want to use zlib for other purposes (e.g. the command line option or CMS) but disable its use for SSL/TLS you'd compile OpenSSL with the "no-comp" option but include zlib or zlib-dynamic.

All of the above options apply to the OpenSSL library only: so an application needs to be linked to that version of OpenSSL to disable compression.

There is also the runtime option SSL_OP_NO_COMPRESSION. That will disable compression for SSL/TLS even if the application is linked against a version of OpenSSL with SSL/TLS compression enabled. If the linked version of OpenSSL already disables SSL/TLS compression that option has no effect.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org