Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1369

Set SSL_OP_NO_COMPRESSION by default

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.4.0
    • Component/s: None
    • Labels:
    • Sprint:
      C Driver 2016 sprint 6

      Description

      TLS Compression is dangerous and should be avoided on the public internet. It is disabled by default in OpenSSL 1.1.0 and later, but needs to be explicitly disabled for earlier releases.

      From client perspective, we should protect our clients by ensuring SSL_OP_NO_COMPRESSION is set on the client side, making it irrelevant if the server lib supports it or not.

      We should check if Secure Transport or Secure Channel needs similar workaround to disable compression

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bjori Hannes Magnusson
              Reporter:
              bjori Hannes Magnusson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: