On Tue, 2012-10-23 at 20:18 +0200, Dr. Stephen Henson wrote:
> On Tue, Oct 23, 2012, Tomas Hoger wrote:
>
> > On Thu, 18 Oct 2012 23:55:41 +0200 Andrey Kulikov wrote:
> >
> > > > OpenSSL enables zlib by default.
> > >
> > > Could you please advice for what version and platform this is true?
> > >
> > > openssl-1.0.1c for linux-elf
> > > has no-zlib configured by default.
> >
> > Sorry, I asked the wrong way. OpenSSL, when compiled with zlib
> > support, enables deflate (id 1) compression by default. I was
> > wondering if this should stay as is or should change to disabled by
> > default even when zlib support is compiled in (i.e. compression will
> > only get used when explicitly enabled by an application using the
> > library). The change would render SSL_OP_NO_COMPRESSION meaningless
> > and possibly want a new option for doing the opposite.
> >
>
> There isn't any room in the "options" field for new options, so that's tricky.
> An alternative would be to set SSL_OP_NO_COMPRESSION by default and require
> applications that need compression support to explicilty clear it with
> SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
I agree this is the solution that should be used as this does not break
the ABI.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
