Backport r14830: Do not use SSL compression.
It was pointless, since most of our cells are encrypted, full of compressed data, or both; and harmful, because compression is expensive and distinguishable. svn:r17882
parent
e53bba1e2a
commit
39117bb422
|
@ -77,6 +77,9 @@ Changes in version 0.2.0.33 - 2009-??-??
|
|||
for more info.
|
||||
- Check DNS replies for more matching fields to better resist DNS
|
||||
poisoning.
|
||||
- Never use OpenSSL compression: it wastes RAM and CPU trying to
|
||||
compress cells, which are basically all encrypted, compressed, or
|
||||
both.
|
||||
|
||||
|
||||
Changes in version 0.2.0.32 - 2008-11-20
|
||||
|
|
|
@ -564,6 +564,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
||||
#endif
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
|
||||
/* Don't actually allow compression; it uses RAM and time, but the data
|
||||
* we transmit is all encrypted anyway. */
|
||||
result->ctx->comp_methods = NULL;
|
||||
|
||||
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
|
||||
SSL_CTX_set_options(result->ctx,
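Review bot: The new assignment `result->ctx->comp_methods = NULL;` writes directly into a member of SSL_CTX, so disabling compression depends on the struct layout of whichever OpenSSL version is compiled against rather than on a supported option. The lines just below already guard an option with `#ifdef SSL_OP_...`; where the headers define `SSL_OP_NO_COMPRESSION`, the same pattern could be used with `SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);`, keeping the field write as the fallback for older libraries. The added comment also gives only the RAM and time argument, while the commit message names a second reason, that compressed traffic is distinguishable. That is the security-relevant reason and belongs next to the code, for example `/* ...; compression also makes record sizes depend on their content. */`. The body of tor_tls_context_new starts and ends outside this hunk, so whether anything later re-enables compression on the context cannot be checked from here.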
|
||||
|
|