diff options
author | Richard Moore <rich@kde.org> | 2012-09-11 22:49:55 +0100 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2012-09-18 14:12:17 +0200 |
commit | 5ea896fbc63593f424a7dfbb11387599c0025c74 (patch) | |
tree | 000d7cc978458bb7e48d3a59cbe4257a6bcbc4ec /src/network/ssl/qssl.cpp | |
parent | 3f970c20f9afd5c9a1cc14d7f69882e13f6aaf1b (diff) |
Disable SSL compression by default.
Disable SSL compression by default since this appears to be the a likely
cause of the currently hyped CRIME attack.
Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Diffstat (limited to 'src/network/ssl/qssl.cpp')
-rw-r--r-- | src/network/ssl/qssl.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index c6f708b8f4..49e2a53ece 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -164,8 +164,9 @@ QT_BEGIN_NAMESPACE By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation - is also turned on, since it introduces a security risk. The other options - are turned off. + is also turned on, since it introduces a security risk. + SslOptionDisableCompression is turned on to prevent the attack publicised by + CRIME. The other options are turned off. Note: Availability of above options depends on the version of the SSL backend in use. |