path: root/src/network/ssl/qssl.cpp
author Richard Moore <rich@kde.org> 2012-09-11 22:49:55 +0100
committer The Qt Project <gerrit-noreply@qt-project.org> 2012-09-18 14:12:17 +0200
commit 5ea896fbc63593f424a7dfbb11387599c0025c74 (patch)
tree 000d7cc978458bb7e48d3a59cbe4257a6bcbc4ec /src/network/ssl/qssl.cpp
parent 3f970c20f9afd5c9a1cc14d7f69882e13f6aaf1b (diff)
Disable SSL compression by default.
Disable SSL compression by default since this appears to be a likely cause of the currently hyped CRIME attack.

Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Diffstat (limited to 'src/network/ssl/qssl.cpp')
-rw-r--r-- src/network/ssl/qssl.cpp 5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index c6f708b8f4..49e2a53ece 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -164,8 +164,9 @@ QT_BEGIN_NAMESPACE
By default, SslOptionDisableEmptyFragments is turned on since this causes
problems with a large number of servers. SslOptionDisableLegacyRenegotiation
- is also turned on, since it introduces a security risk. The other options
- are turned off.
+ is also turned on, since it introduces a security risk.
+ SslOptionDisableCompression is turned on to prevent the attack publicised by
+ CRIME. The other options are turned off.
Note: Availability of above options depends on the version of the SSL
backend in use.
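Review bot: The added sentence "SslOptionDisableCompression is turned on to prevent the attack publicised by CRIME" reads as if CRIME were the party that publicised an attack; the commit message uses CRIME as the name of the attack, so "to prevent the CRIME attack" would be clearer. Because the context line right after it says the availability of these options depends on the SSL backend version, the documentation should also state that this default only takes effect where the backend can disable compression, so readers do not assume the protection on older backends. This hunk touches only the documentation comment; the change to the default itself is not in this file's diff and should be checked alongside it to confirm the comment matches the behaviour.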