Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
cc5a9ba4
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
cc5a9ba4
编写于
2月 03, 2016
作者:
V
Viktor Dukhovni
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Restore -no_comp switch for backwards compatible behaviour
Reviewed-by:
N
Emilia Käsper
<
emilia@openssl.org
>
上级
424d5db2
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
48 addition
and
5 deletion
+48
-5
apps/apps.h
apps/apps.h
+4
-2
doc/apps/s_client.pod
doc/apps/s_client.pod
+15
-0
doc/apps/s_server.pod
doc/apps/s_server.pod
+15
-0
doc/ssl/SSL_CONF_cmd.pod
doc/ssl/SSL_CONF_cmd.pod
+10
-1
ssl/ssl_conf.c
ssl/ssl_conf.c
+3
-1
util/TLSProxy/Proxy.pm
util/TLSProxy/Proxy.pm
+1
-1
未找到文件。
apps/apps.h
浏览文件 @
cc5a9ba4
...
...
@@ -285,11 +285,11 @@ void wait_for_async(SSL *s);
# define OPT_S_ENUM \
OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_BUGS, OPT_S_COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
OPT_S_BUGS, OPT_S_
NO_
COMP, OPT_S_ECDHSINGLE, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
OPT_S_DHPARAM, OPT_S_DEBUGBROKE, \
OPT_S_DHPARAM, OPT_S_DEBUGBROKE,
OPT_S_COMP,
\
OPT_S__LAST
# define OPT_S_OPTIONS \
...
...
@@ -298,6 +298,7 @@ void wait_for_async(SSL *s);
{"no_tls1_1", OPT_S_NOTLS1_1, '-' }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-' }, \
{"bugs", OPT_S_BUGS, '-' }, \
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
{"ecdh_single", OPT_S_ECDHSINGLE, '-' }, \
{"no_ticket", OPT_S_NOTICKET, '-' }, \
...
...
@@ -327,6 +328,7 @@ void wait_for_async(SSL *s);
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
case OPT_S_BUGS: \
case OPT_S_NO_COMP: \
case OPT_S_COMP: \
case OPT_S_ECDHSINGLE: \
case OPT_S_NOTICKET: \
...
...
doc/apps/s_client.pod
浏览文件 @
cc5a9ba4
...
...
@@ -71,6 +71,8 @@ B<openssl> B<s_client>
[B<-fallback_scsv>]
[B<-async>]
[B<-bugs>]
[B<-comp>]
[B<-no_comp>]
[B<-cipher cipherlist>]
[B<-serverpref>]
[B<-starttls protocol>]
...
...
@@ -326,6 +328,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine
there are several known bug in SSL and TLS implementations. Adding this
option enables various workarounds.
=item B<-comp>
Enables support for SSL/TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-no_comp>
Disables support for SSL/TLS compression.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-brief>
only provide a brief summary of connection parameters instead of the
...
...
doc/apps/s_server.pod
浏览文件 @
cc5a9ba4
...
...
@@ -77,6 +77,8 @@ B<openssl> B<s_server>
[B<-no_tls1>]
[B<-no_dhe>]
[B<-bugs>]
[B<-comp>]
[B<-no_comp>]
[B<-brief>]
[B<-www>]
[B<-WWW>]
...
...
@@ -313,6 +315,19 @@ is also used via the B<-engine> option. For test purposes the dummy async engine
there are several known bug in SSL and TLS implementations. Adding this
option enables various workarounds.
=item B<-comp>
Enable negotiation of TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-no_comp>
Disable negotiation of TLS compression.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-brief>
only provide a brief summary of connection parameters instead of the
...
...
doc/ssl/SSL_CONF_cmd.pod
浏览文件 @
cc5a9ba4
...
...
@@ -133,7 +133,16 @@ Various bug workarounds are set, same as setting B<SSL_OP_ALL>.
=item B<-comp>
Enables support for SSL/TLS compression, same as clearing B<SSL_OP_NO_COMPRESSION>.
Enables support for SSL/TLS compression, same as clearing
B<SSL_OP_NO_COMPRESSION>.
This command was introduced in OpenSSL 1.1.0.
As of OpenSSL 1.1.0, compression is off by default.
=item B<-no_comp>
Disables support for SSL/TLS compression, same as setting
B<SSL_OP_NO_COMPRESSION>.
As of OpenSSL 1.1.0, compression is off by default.
=item B<-no_ticket>
...
...
ssl/ssl_conf.c
浏览文件 @
cc5a9ba4
...
...
@@ -581,6 +581,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_SWITCH
(
"no_tls1_1"
,
0
),
SSL_CONF_CMD_SWITCH
(
"no_tls1_2"
,
0
),
SSL_CONF_CMD_SWITCH
(
"bugs"
,
0
),
SSL_CONF_CMD_SWITCH
(
"no_comp"
,
0
),
SSL_CONF_CMD_SWITCH
(
"comp"
,
0
),
SSL_CONF_CMD_SWITCH
(
"ecdh_single"
,
SSL_CONF_FLAG_SERVER
),
SSL_CONF_CMD_SWITCH
(
"no_ticket"
,
0
),
...
...
@@ -640,7 +641,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
{
SSL_OP_NO_TLSv1_1
,
0
},
/* no_tls1_1 */
{
SSL_OP_NO_TLSv1_2
,
0
},
/* no_tls1_2 */
{
SSL_OP_ALL
,
0
},
/* bugs */
{
SSL_OP_NO_COMPRESSION
,
1
},
/* comp */
{
SSL_OP_NO_COMPRESSION
,
0
},
/* no_comp */
{
SSL_OP_NO_COMPRESSION
,
SSL_TFLAG_INV
},
/* comp */
{
SSL_OP_SINGLE_ECDH_USE
,
0
},
/* ecdh_single */
{
SSL_OP_NO_TICKET
,
0
},
/* no_ticket */
{
SSL_OP_CIPHER_SERVER_PREFERENCE
,
0
},
/* serverpref */
...
...
util/TLSProxy/Proxy.pm
浏览文件 @
cc5a9ba4
...
...
@@ -183,7 +183,7 @@ sub start
or
die
"
Failed to redirect stdout: $!
";
open
(
STDERR
,
"
>&STDOUT
");
my
$execcmd
=
$self
->
execute
.
"
s_server -rev -engine ossltest -accept
"
.
"
s_server -
no_comp -
rev -engine ossltest -accept
"
.
(
$self
->
server_port
)
.
"
-cert
"
.
$self
->
cert
.
"
-naccept
"
.
$self
->
serverconnects
;
if
(
$self
->
ciphers
ne
"")
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录