mod_ssl: Add new directive SSLCompression to disable

TLS-level compression. PR 53219. Backport of r1345319 and r1348656 from trunk. Submitted by: Bjoern Jacke <bjoern j3e de>, sf Reviewed by: rjung, trawick Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1369585 13f79535-47bb-0310-9956-ffa450edef68
2025-08-06 11:06:17 +00:00 · 2012-08-05 13:48:40 +00:00
parent 2ac9e2c7da
commit 4c3f6758db
7 changed files with 66 additions and 6 deletions
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@ -622,6 +622,18 @@ static void ssl_init_ctx_protocol(server_rec *s,
    }
 #endif

+
+#ifndef OPENSSL_NO_COMP
+    if (sc->compression == FALSE) {
+#ifdef SSL_OP_NO_COMPRESSION
+        /* OpenSSL >= 1.0 only */
+        SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+#endif
+    }
+#endif
+
 #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    if (sc->insecure_reneg == TRUE) {
        SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);