Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-03 20:50:07 +01:00
Code Issues Projects Releases Packages Wiki Activity

Disable TLS compression

Browse source 
This prevents the CRIME attack.
This commit is contained in:
Alex Gaynor 2016-07-01 07:19:46 -04:00 committed by GitHub
parent 0ae07e07e6
commit a0f03dcfac
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
components/net/connector.rs
View file

@ -4,7 +4,7 @@
use hyper::client::Pool; use hyper::client::Pool;
use hyper::net::{HttpStream, HttpsConnector, SslClient}; use hyper::net::{HttpStream, HttpsConnector, SslClient};
use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER}; use openssl::ssl::{SSL_OP_NO_COMPRESSION, SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER};
use openssl::ssl::{Ssl, SslContext, SslMethod, SslStream}; use openssl::ssl::{Ssl, SslContext, SslMethod, SslStream};
use std::sync::Arc; use std::sync::Arc;
use util::resource_files::resources_dir_path; use util::resource_files::resources_dir_path;
@ -31,7 +31,7 @@ pub fn create_http_connector() -> Arc<Pool<Connector>> {
let mut context = SslContext::new(SslMethod::Sslv23).unwrap(); let mut context = SslContext::new(SslMethod::Sslv23).unwrap();
context.set_CA_file(&resources_dir_path().join("certs")).unwrap(); context.set_CA_file(&resources_dir_path().join("certs")).unwrap();
context.set_cipher_list(DEFAULT_CIPHERS).unwrap(); context.set_cipher_list(DEFAULT_CIPHERS).unwrap();
context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3); context.set_options(SSL_OP_NO_SSLV2 | SSL_OP_NO_SSLV3 | SSL_OP_NO_COMPRESSION);
let connector = HttpsConnector::new(ServoSslClient { let connector = HttpsConnector::new(ServoSslClient {
context: Arc::new(context) context: Arc::new(context)
}); });