Explicit disable support of SSL / TLS Compression

Motivation: Our ReferenceCountedOpenSslEngine does not support compression so we should explicit disable it. This is related to netty#3722. Modifications: Set SSL_OP_NO_COMPRESSION option. Result: Not use compression.
wgmzone · Dec 16, 2016 · 89cb50a · 89cb50a
1 parent cd458f1
commit 89cb50a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java
@@ -270,6 +270,10 @@ public String run() {
                 SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_ECDH_USE);
                 SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_DH_USE);
                 SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+
+                // We do not support compression as the moment so we should explicitly disable it.
+                SSLContext.setOptions(ctx, SSL.SSL_OP_NO_COMPRESSION);
+
                 // Disable ticket support by default to be more inline with SSLEngineImpl of the JDK.
                 // This also let SSLSession.getId() work the same way for the JDK implementation and the OpenSSLEngine.
                 // If tickets are supported SSLSession.getId() will only return an ID on the server-side if it could