author | Richard Moore <rich@kde.org> | 2012-09-18 22:06:15 +0100 |
---|---|---|
committer | Marko Valtanen <marko.valtanen@digia.com> | 2012-12-04 15:34:33 +0200 |
commit | fd3384eab190ee53d8abc1fc19a0899ae6a7a7f7 (patch) | |
tree | c650f6795e776be21dde774d3b28dca5a6eb5263 | |
parent | db28958670eab90d4a975169345a89f37401d462 (diff) | |
Disable SSL compression by default.
Disable SSL compression by default since this appears to be a likely
cause of the currently hyped CRIME attack.
This is a backport of 5ea896fbc63593f424a7dfbb11387599c0025c74
from qt5.
Change-Id: I8fd01c2a230804d88ffa4599e7fd9293a8af9e0f
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 949b5097c9..e305822d84 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -264,7 +264,13 @@ init_context:
 }
 // Enable all bug workarounds.
+#ifdef SSL_OP_NO_COMPRESSION
+ // If compression is available, then disable it to avoid the CRIME attack
+ // if it is not available then we're not vulnerable anyway.
+ q_SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_COMPRESSION);
+#else
 q_SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#endif
 // Initialize ciphers
 QByteArray cipherString; |
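Review bot: The `#else` branch and its comment assume that a build without `SSL_OP_NO_COMPRESSION` cannot negotiate TLS compression, but the macro only reflects the OpenSSL headers used at compile time. As far as I know the flag first appears in OpenSSL 1.0.0, while 0.9.8 can still offer zlib compression when libssl was built with it, so a build against older headers would leave compression enabled with no warning. I would reword the comment to `// SSL_OP_NO_COMPRESSION needs OpenSSL >= 1.0.0 headers; older builds may still negotiate compression if libssl has zlib.` and consider a fallback in the `#else` branch that empties the list returned by OpenSSL's `SSL_COMP_get_compression_methods()`. The title says "by default", yet the hunk sets the option unconditionally and shows no way for an application to choose otherwise; the surrounding function starts and ends outside the hunk, so confirm whether that is intended for this backport.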