On Fri, Dec 28, 2012 at 6:32 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Fri, Dec 28, 2012, Jeffrey Walton wrote:
>
>> On Fri, Dec 28, 2012 at 3:23 PM, Michael Mueller <abaci....@gmail.com> wrote:
>> > I was going to do this:
>> >
>> > SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
>> Yeah, it looks like that's the option. I would prefer to remove the
>> code paths altogether though.
>>
>> If the code path does not exist, it cannot be executed.
>>
>
> Unless OpenSSL has been built with the zlib or zlib-dynamic option it won't use
> zlib. Since that's the only compression method standardised for SSL/TLS it
> effectively disables compression for SSL/TLS as a side effect as there are no
> compression methods available.
>
> If you want to use zlib for other purposes (e.g. the command line option or
> CMS) but disable its use for SSL/TLS you'd compile OpenSSL with the
> "no-comp" option but include zlib or zlib-dynamic.
I think that's what I am looking for. -no-zlib was the proverbial
cannon ball killing the fly.

> All of the above options apply to the OpenSSL library only: so an application
> needs to be linked to that version of OpenSSL to disable compression.
>
> There is also the runtime option SSL_OP_NO_COMPRESSION. That will disable
> compression for SSL/TLS even if the application is linked against a version of
> OpenSSL with SSL/TLS compression enabled. If the linked version of OpenSSL
> already disables SSL/TLS compression that option has no effect.
Thanks Dr. Henson. I think I need to file a feature request to make
SSL_OP_NO_COMPRESSION a macro too so I can use it during preprocessing
:o

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
