On Sat, Dec 29, 2012, Dr. Stephen Henson wrote: > On Fri, Dec 28, 2012, Jeffrey Walton wrote: > > > On Fri, Dec 28, 2012 at 3:23 PM, Michael Mueller <abaci....@gmail.com> > > wrote: > > > i was going to do this: > > > > > > SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION); > > Yeah, it looks like that's the option. I would prefer to remove the > > code paths all together though. > > > > If the code path does not exist, it cannot be executed. > > > > Unless OpenSSL has been build with the zlib or zlib-dynamic option it wont use > zlib. Since that's the only compression method standardised for SSL/TLS it > effectively disables compression for SSL/TLS as a side effect as there are no > compression methods available. >
Ugh, that'll teach me not to do a "make clean" first. Correction: If you use "no-comp" it will remove the compression library from OpenSSL entirely but due to a bug (fix just committed) you'll get a linker error. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
