small patch to disable openssl compression
Simon Matter
simon.matter at invoca.ch
Tue Mar 5 00:59:07 EST 2013
> Hi - This patch disables openssl compression - not sure if this is a
> security risk or not... but, I don't think I like the encryption library
> performing compression anyway, it's complicated already. Maybe.
Just FYI, with latest RHEL5+6 openssl now disables compression by default.
I guess the end result for cyrus is the same like with your patch? Maybe
other distributions do the same.
Simon
>
> Chris
>
>
> diff -rupN cyrus-imapd-2.4.17/imap/tls.c cyrus-imapd-2.4.17.f/imap/tls.c
> --- cyrus-imapd-2.4.17/imap/tls.c 2012-12-01 19:57:54.000000000 +0000
> +++ cyrus-imapd-2.4.17.f/imap/tls.c 2013-01-18 15:27:58.000000000 +0000
> @@ -667,6 +667,11 @@ int tls_init_serverengine(const char
> off |= SSL_OP_NO_SSLv3;
> }
> SSL_CTX_set_options(s_ctx, off);
> +
> +#ifdef SSL_OP_NO_COMPRESSION
> + SSL_CTX_set_options(s_ctx, SSL_OP_NO_COMPRESSION);
> +#endif
> +
> SSL_CTX_set_info_callback(s_ctx, (void (*)())
> apps_ssl_info_callback);
>
> /* Don't use an internal session cache */
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
More information about the Info-cyrus
mailing list