authorNick Mathewson <nickm@torproject.org>2009-01-04 18:52:32 +0000
committerNick Mathewson <nickm@torproject.org>2009-01-04 18:52:32 +0000
commit39117bb422e1f13c689dae62036c815a7171019c (patch)
tree2c28b0d2e8257d52b6b373b2ed57ee2e40a12951
parente53bba1e2ab53cbbe8bb266645011b031e4e2de6 (diff)
Backport r14830: Do not use SSL compression.
It was pointless, since most of our cells are encrypted, full of compressed data, or both; and harmful, because compression is expensive and distinguishable. svn:r17882
-rw-r--r--ChangeLog3
-rw-r--r--src/common/tortls.c3
2 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index fbd7aec34f..42e4b7cc12 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -77,6 +77,9 @@ Changes in version 0.2.0.33 - 2009-??-??
for more info.
- Check DNS replies for more matching fields to better resist DNS
poisoning.
+ - Never use OpenSSL compression: it wastes RAM and CPU trying to
+ compress cells, which are basically all encrypted, compressed, or
+ both.
Changes in version 0.2.0.32 - 2008-11-20
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 496fc9c393..d2e63de21c 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -564,6 +564,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
#endif
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
+ /* Don't actually allow compression; it uses RAM and time, but the data
+ * we transmit is all encrypted anyway. */
+ result->ctx->comp_methods = NULL;
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_CTX_set_options(result->ctx,