Backport r14830: Do not use SSL compression.

It was pointless, since most of our cells are encrypted, full of compressed data, or both; and harmful, because compression is expensive and distinguishable. svn:r17882
2009-01-04 18:52:32 +00:00 · 2009-01-04 18:52:32 +00:00 · 39117bb422
parent e53bba1e2a
commit 39117bb422
2 changed files with 6 additions and 0 deletions
--- a/3
+++ b/3
@ -77,6 +77,9 @@ Changes in version 0.2.0.33 - 2009-??-??
      for more info.
    - Check DNS replies for more matching fields to better resist DNS
      poisoning.
+    - Never use OpenSSL compression: it wastes RAM and CPU trying to
+      compress cells, which are basically all encrypted, compressed, or
+      both.


 Changes in version 0.2.0.32 - 2008-11-20
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -564,6 +564,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
  SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 #endif
  SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
+  /* Don't actually allow compression; it uses RAM and time, but the data
+   * we transmit is all encrypted anyway. */
+  result->ctx->comp_methods = NULL;

 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
  SSL_CTX_set_options(result->ctx,