| author | 2013-07-16 13:22:55 +0000 | |
|---|---|---|
| committer | 2013-07-16 13:22:55 +0000 | |
| commit | 2d61c986d448ac93b616082f0bbbc4398bcba718 (patch) | |
| tree | a0fb83e717fecd3ddbfeb6cc4ed5818c8680c72f /usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c | |
| parent | Enable ECDHE support in httpd via a SSLECDHCurve option. This specifies the (diff) | |
Disable SSL compression in order to mitigate CRIME attacks. Add
an SSLCompression option so that it can be turned back on; however,
this is currently a no-op due to the compile options for libssl.
Requested by and ok djm@
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c')
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
index 775837a1e89..2bda3964065 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
@@ -191,6 +191,7 @@ void *ssl_config_server_create(pool *p, server_rec *s)
 sc = ap_palloc(p, sizeof(SSLSrvConfigRec));
 sc->bEnabled = UNSET;
+ sc->bCompression = FALSE;
 sc->szCACertificatePath = NULL;
 sc->szCACertificateFile = NULL;
 sc->szCertificateChain = NULL;
@@ -249,6 +250,7 @@ void *ssl_config_server_merge(pool *p, void *basev, void *addv)
 int i;
 cfgMergeBool(bEnabled);
+ cfgMergeBool(bCompression);
 cfgMergeString(szCACertificatePath);
 cfgMergeString(szCACertificateFile);
 cfgMergeString(szCertificateChain);
@@ -534,6 +536,15 @@ const char *ssl_cmd_SSLEngine(
 return NULL;
 }
+const char *ssl_cmd_SSLCompression(
+ cmd_parms *cmd, char *struct_ptr, int flag)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+
+ sc->bCompression = (flag ? TRUE : FALSE);
+ return NULL;
+}
+
 const char *ssl_cmd_SSLCipherSuite(
 cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
 { |
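Review bot: Initialising `sc->bCompression` to `FALSE` in ssl_config_server_create, rather than `UNSET` as `bEnabled` is on the line above, probably defeats the `cfgMergeBool(bCompression)` added to ssl_config_server_merge in the next hunk. The macro is not visible here, but if it takes the base value only when the added value is `UNSET`, a virtual host that never mentions SSLCompression always merges to `FALSE` and cannot inherit a server-wide setting. That fails towards compression off, the safe side for CRIME, but the directive then inherits differently from the other booleans. Consider `sc->bCompression = UNSET;` here and treating anything other than `TRUE` as off where the flag is consumed, which is outside this file's diff. Both functions continue outside their hunks.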
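Review bot: ssl_cmd_SSLCompression carries no comment telling a maintainer that switching the option on re-enables TLS-level compression and with it the CRIME length side channel that this commit sets out to mitigate. I would add above the function `/* SSLCompression on re-enables TLS compression and its CRIME exposure; the default is off. */`. The `struct_ptr` parameter is unused, presumably because the flag-directive handler signature requires it, and a short remark saying so would stop it being mistaken for an oversight.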
