Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:12.1
libqt4
disable-ssl-compression-by-default.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File disable-ssl-compression-by-default.diff of Package libqt4
commit 3488f1db96dbf70bb0486d3013d86252ebf433e0 Author: Richard Moore <rich@kde.org> Date: Tue Sep 18 22:06:15 2012 +0100 Disable SSL compression by default. Disable SSL compression by default since this appears to be the a likely cause of the currently hyped CRIME attack. This is a backport of 5ea896fbc63593f424a7dfbb11387599c0025c74 from qt5. Change-Id: I8fd01c2a230804d88ffa4599e7fd9293a8af9e0f Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Shane Kearns <shane.kearns@accenture.com> --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -277,7 +277,14 @@ } // Enable all bug workarounds. +#ifdef SSL_OP_NO_COMPRESSION + // If compression is available, then disable it to avoid the CRIME attack + // if it is not available then we're not vulnerable anyway. + q_SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_COMPRESSION); +#else q_SSL_CTX_set_options(ctx, SSL_OP_ALL); +#endif + #if OPENSSL_VERSION_NUMBER >= 0x10000000L // Tell OpenSSL to release memory early // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor