From a0f03dcfac4b87747bffdd479b956edd32f58092 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Fri, 1 Jul 2016 07:19:46 -0400
Subject: [PATCH] Disable TLS compression

This prevents the CRIME attack.
---
 components/net/connector.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/net/connector.rs b/components/net/connector.rs
index 23aaf9f5566..59858947930 100644
--- a/components/net/connector.rs
+++ b/components/net/connector.rs
@@ -4,7 +4,7 @@

 use hyper::client::Pool;
 use hyper::net::{HttpStream, HttpsConnector, SslClient};
-use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER};
+use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER};
 use openssl::ssl::{Ssl, SslContext, SslMethod, SslStream};
 use std::sync::Arc;
 use util::resource_files::resources_dir_path;
@@ -31,7 +31,7 @@ pub fn create_http_connector() -> Arc> {
 let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
 context.set_CA_file(&resources_dir_path().join("certs")).unwrap();
 context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
- context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3);
+ context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
 let connector = HttpsConnector::new(ServoSslClient {
 context: Arc::new(context)
 });
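Review bot: The `context.set_options(...)` call in the second hunk hardens the connector, but nothing in the code records why each flag is there or confirms that the linked OpenSSL applied it. The CRIME rationale lives only in the commit message, so I would add a comment above the call, for example `// SSL_OP_NO_COMPRESSION: TLS-level compression leaks secret lengths (CRIME); keep it off.` The return value of `set_options` is also discarded. If the binding returns the resulting option mask, as rust-openssl of this period appears to, something like `let opts = context.set_options(...); debug_assert!(opts.contains(SSL_OP_NO_COMPRESSION));` would catch a build where the flag is silently a no-op. The body of `create_http_connector` continues past the end of the hunk, so whether anything later adjusts the context cannot be seen from here.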