[CDRIVER-1369] Set SSL_OP_NO_COMPRESSION by default

Created: 11/Jul/16  Updated: 19/Dec/16  Resolved: 13/Jul/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.4.0

Type: Bug
Priority: Major - P3
Reporter: Hannes Magnusson
Assignee: Hannes Magnusson
Resolution: Done
Votes: 0
Labels: intern2016
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-1958 Change in compression usage between 1... Closed
Epic Link: TLS Improvements

 Description   

TLS Compression is dangerous and should be avoided on the public internet. It is disabled by default in OpenSSL 1.1.0 and later, but needs to be explicitly disabled for earlier releases.

From the client perspective, we should protect our clients by ensuring SSL_OP_NO_COMPRESSION is set on the client side, making it irrelevant whether the server lib supports it or not.

We should check whether Secure Transport or Secure Channel needs a similar workaround to disable compression.



 Comments   
Comment by Hannes Magnusson [ 13/Jul/16 ]

Secure Transport & Secure Channel do not support compression; nothing to do there.

Comment by Githook User [ 13/Jul/16 ]

Author: Hannes Magnusson (bjori) <bjori@php.net>

Message: CDRIVER-1369: Disable TLS compression by default

Darwin TLS & Windows TLS do not support compression
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/222818d5948a6cf0fca0cc9f12bd4339e18f5115
