author | Richard Moore <rich@kde.org> | 2012-09-11 22:49:55 +0100 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2012-09-18 14:12:17 +0200 |
commit | 5ea896fbc63593f424a7dfbb11387599c0025c74 (patch) | |
tree | 000d7cc978458bb7e48d3a59cbe4257a6bcbc4ec /src | |
parent | 3f970c20f9afd5c9a1cc14d7f69882e13f6aaf1b (diff) |
Disable SSL compression by default.
Disable SSL compression by default since this appears to be a likely
cause of the currently hyped CRIME attack.
Change-Id: I515fcc46f5199acf938e9e880a4345f2d405b2a3
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <phartmann@rim.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qssl.cpp | 5 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index c6f708b8f4..49e2a53ece 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -164,8 +164,9 @@ QT_BEGIN_NAMESPACE By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation - is also turned on, since it introduces a security risk. The other options - are turned off. + is also turned on, since it introduces a security risk. + SslOptionDisableCompression is turned on to prevent the attack publicised by + CRIME. The other options are turned off. Note: Availability of above options depends on the version of the SSL backend in use. diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 96337372e0..c9691e4ee4 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -48,7 +48,8 @@ QT_BEGIN_NAMESPACE const QSsl::SslOptions QSslConfigurationPrivate::defaultSslOptions = QSsl::SslOptionDisableEmptyFragments - |QSsl::SslOptionDisableLegacyRenegotiation; + |QSsl::SslOptionDisableLegacyRenegotiation + |QSsl::SslOptionDisableCompression; /*! \class QSslConfiguration |
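Review bot: in the qssl.cpp documentation hunk, the added sentence "SslOptionDisableCompression is turned on to prevent the attack publicised by CRIME" reads as if CRIME were the party that publicised the attack rather than the attack's name; suggest "is turned on to prevent the CRIME attack". The unchanged note just below says availability of these options depends on the SSL backend version, so the text should also say what a caller can expect when the backend in use does not provide this option, since the new default cannot take effect there.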
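Review bot: in the qsslconfiguration.cpp hunk, adding "|QSsl::SslOptionDisableCompression" to defaultSslOptions changes behaviour for every caller that relies on the default configuration, and nothing in this diff records that for users. Suggest a changelog or class documentation entry stating that compression is now off unless the application clears the option explicitly, plus a test asserting that the default option set contains the new flag (none is visible here, although the diffstat is limited to src).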