trafficserver-commits mailing list archives

From iga...@apache.org
Subject [4/21] git commit: TS-1466 disabling ssl compression by default
Date Fri, 21 Sep 2012 10:04:39 GMT
TS-1466 disabling ssl compression by default


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/04be68aa
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/04be68aa
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/04be68aa

Branch: refs/heads/3.2.x
Commit: 04be68aaa7fdbcc8fe97c293f6375f0261db839d
Parents: 763292b
Author: Bryan Call <bcall@apache.org>
Authored: Fri Sep 14 10:47:15 2012 -0700
Committer: Igor Galić <i.galic@brainsware.org>
Committed: Fri Sep 21 10:39:23 2012 +0200

----------------------------------------------------------------------
 iocore/net/SSLConfig.cc                |    9 +++++++--
 mgmt/RecordsConfig.cc                  |    2 +-
 proxy/config/records.config.default.in |    2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/04be68aa/iocore/net/SSLConfig.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 0ef17e0..87b2176 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -149,11 +149,16 @@ SslConfigParams::initialize()
   if (!options)
     ssl_ctx_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 #endif
-#ifdef SSL_OP_NO_COMPRESSION
+
   IOCORE_ReadConfigInteger(options, "proxy.config.ssl.compression");
-  if (!options)
+  if (!options) {
+#ifdef SSL_OP_NO_COMPRESSION
+    /* OpenSSL >= 1.0 only */
     ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+    sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
 #endif
+  }
 
   IOCORE_ReadConfigString(serverCertRelativePath, "proxy.config.ssl.server.cert.path", PATH_NAME_MAX);
   set_paths_helper(serverCertRelativePath, NULL, &serverCertPathOnly, NULL);
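Review bot: The `#elif` fallback is not equivalent to the flag above it: `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods())` empties OpenSSL's library-wide compression table, so it turns compression off for every SSL context in the process (outbound connections and anything else linked against the same library), whereas `SSL_OP_NO_COMPRESSION` only touches `ssl_ctx_options`. I would say so in a comment on that line, e.g. `/* OpenSSL 0.9.8: no per-context flag, clears the process-wide method table */`. The block also has no `#else`, so on a build where neither condition holds the setting of 0 is accepted and does nothing; `#else` / `#warning "TLS compression cannot be disabled with this OpenSSL"` would surface that at compile time. `SslConfigParams::initialize()` starts and ends outside this hunk, so whether `ssl_ctx_options` also reaches the client-side context is not visible here and is worth confirming.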

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/04be68aa/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index d08f59a..03aa782 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1288,7 +1288,7 @@ RecordElement RecordsConfig[] = {
   ,
   {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT,
"[0-1]", RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.ssl.compression", RECD_INT, "1", RECU_RESTART_TS, RR_NULL,
RECC_INT, "[0-1]", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.ssl.compression", RECD_INT, "0", RECU_RESTART_TS, RR_NULL,
RECC_INT, "[0-1]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.ssl.number.threads", RECD_INT, "0", RECU_RESTART_TS, RR_NULL,
RECC_NULL, NULL, RECA_NULL}
   ,

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/04be68aa/proxy/config/records.config.default.in
----------------------------------------------------------------------
diff --git a/proxy/config/records.config.default.in b/proxy/config/records.config.default.in
index 4fa439a..bbb6d37 100644
--- a/proxy/config/records.config.default.in
+++ b/proxy/config/records.config.default.in
@@ -496,7 +496,7 @@ CONFIG proxy.config.ssl.TLSv1 INT 1
 CONFIG proxy.config.ssl.server.cipher_suite STRING RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
 CONFIG proxy.config.ssl.server.honor_cipher_order INT 0
    # Control if SSL should perform content compression or not
-CONFIG proxy.config.ssl.compression INT 1
+CONFIG proxy.config.ssl.compression INT 0
    # Deprecated.
    # SSL ports should now be configured via proxy.config.http.server_ports
 #CONFIG proxy.config.ssl.server_port INT 443
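Review bot: The comment above the setting, `# Control if SSL should perform content compression or not`, gives no reason for the new default, so an operator tuning for bandwidth may flip it back to 1. I would extend it to something like `# Control if SSL should perform content compression or not. Keep at 0 unless required: compressed TLS records leak information about plaintext through their length.` Because this template writes the value explicitly, deployments that carry over an existing records.config with `INT 1` will presumably keep compression on after upgrading, despite the new built-in default in mgmt/RecordsConfig.cc; that deserves a line in the upgrade notes.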

