Author: kgiusti Date: Thu Oct 16 14:52:44 2014 New Revision: 1632325 URL: http://svn.apache.org/r1632325 Log: PROTON-717: mitigate the CRIME SSL vulnerability
Modified: qpid/proton/trunk/proton-c/src/ssl/openssl.c
Modified: qpid/proton/trunk/proton-c/src/ssl/openssl.c
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/src/ssl/openssl.c?rev=1632325&r1=1632324&r2=1632325&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/src/ssl/openssl.c (original)
+++ qpid/proton/trunk/proton-c/src/ssl/openssl.c Thu Oct 16 14:52:44 2014
@@ -481,6 +481,10 @@ pn_ssl_domain_t *pn_ssl_domain( pn_ssl_m
 }
 const long reject_insecure = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
 SSL_CTX_set_options(domain->ctx, reject_insecure);
+#ifdef SSL_OP_NO_COMPRESSION
+ // Mitigate the CRIME vulnerability
+ SSL_CTX_set_options(domain->ctx, SSL_OP_NO_COMPRESSION);
+#endif
 // by default, allow anonymous ciphers so certificates are not required 'out of the box'
 if (!SSL_CTX_set_cipher_list( domain->ctx, CIPHERS_ANONYMOUS )) {
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org
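Review bot: The `#ifdef SSL_OP_NO_COMPRESSION` guard drops the CRIME mitigation silently when the OpenSSL headers used for the build do not define that option, so such a build would presumably still negotiate TLS compression with nothing in the build output or the logs to show it. I would add an `#else` branch that makes the gap visible, for example `#warning "SSL_OP_NO_COMPRESSION unavailable: TLS compression is not disabled"`, or one that empties the library's compression method list with `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());` (that list is process-wide, so confirm it is acceptable for applications embedding the library). The comment could also say why compression is the problem, e.g. `// CRIME: compressed length leaks secrets sent alongside attacker-chosen data, so disable TLS compression`. `pn_ssl_domain` starts and ends outside this hunk, so whether a later call on `domain->ctx` clears the option again is not visible here.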