How to disable compression?
Corin Lawson
Is it possible to establish an SSL connection with no compression? How?
While I'm at it, is it possible to use no encryption?
I.e. I only want SSL to authenticate/verify identity (handshake).
Cheers,
Corin.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
Victor Duchovni
> Hi All,
>
> Is it possible to establish an SSL connection with no compression? How?
OpenSSL 1.0.0 provides a new option that can be set via
SSL_CTX_set_options() or SSL_set_options().
SSL_OP_NO_COMPRESSION
> While I'm at it, is it possible to use no encryption?
See ciphers(1). The "eNULL" ciphers offer no encryption, while
the "aNULL" ciphers offer no authentication. Usually you want
both, you are unlikely to want neither. Thus if you want eNULL,
make sure to exclude aNULL.
For encryption with no authentication:
aNULL:!EXP:!LOW:!eNULL:@STRENGTH
For authentication with no encryption:
eNULL:!EXP:!LOW:!aNULL:@STRENGTH
--
Viktor.
Ramaswamy BM
> Try this
> SSL_CTX * tls_ctx;
>
> STACK_OF(SSL_COMP)* compression ;
>
> compression = SSL_COMP_get_compression_methods();
>
> sk_SSL_COMP_zero(compression); It should disable the compression
> support for !! ....
>
> You can also use below API accordingly to enable/disable required
> encryption/authentication algorithms for a given context.
>
> SSL_CTX_set_cipher_list(*tls_ctx,
> "!RSA:!ADH:!NULL:!aNULL!RC4:!RC5:!kEDH:!DES:!AES256-SHA:!EXPORT")
>
>
> Best Regards ,
> Ram
>
>
> Corin Lawson wrote:
>> Hi All,
>>
>> Is it possible to establish an SSL connection with no compression? How?
>>
>>
>>
>> Cheers, Corin.