Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1369

Set SSL_OP_NO_COMPRESSION by default

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.4.0
    • Affects Version/s: None
    • Component/s: None

      TLS Compression is dangerous and should be avoided on the public internet. It is disabled by default in OpenSSL 1.1.0 and later, but needs to be explicitly disabled for earlier releases.

      From client perspective, we should protect our clients by ensuring SSL_OP_NO_COMPRESSION is set on the client side, making it irrelevant if the server lib supports it or not.

      We should check if Secure Transport or Secure Channel needs similar workaround to disable compression

            Assignee:
            bjori Hannes Magnusson
            Reporter:
            bjori Hannes Magnusson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: