So,
For your next version (> 4.51) with the updated code for compression, I will replace OpenSSL 0.9.8 with OpenSSL 1.0.0e taken from package 4.47 (for Windows of course); then I will be able to control compression (but I lose FIPS, which is not very important for me). Is this possible? (I think...)
Ludovic.
On 09/12/2011 19:31, Michal Trojnara wrote:
Ludovic LEVET <llevet@ludosoft.org> wrote:
Hi Mike,
Yes, it is better to disable it by default. But do you plan to return to OpenSSL 1.0.0x for the next release to control compression?
And why did you move from OpenSSL 1.0.0 to 0.9.8 from version 4.48 to 4.49? (for FIPS, I suppose)
Thanks.
Ludovic.
On 09/12/2011 18:46, Michal Trojnara wrote:
I wrote:
My conclusion: I will add "compression = none" global option implemented as:
    #ifndef OPENSSL_NO_COMP
    sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
    #endif
On second thought: It might probably be even better to switch compression off by default. The memory and CPU requirements of compression probably make it a bad choice for ~90% of users.
The available parameters will be:
- deflate - RFC 3749 https://www.ietf.org/rfc/rfc3749.txt
- zlib - OpenSSL 0.9.7 compatibility
- rle - OpenSSL 0.9.7 compatibility
The default will be to disable compression entirely.
What do you think?
Mike
stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
No. Yes.
Mike
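
An added example, not part of the thread or of stunnel's own code: a small audit that reports the effective compression setting of a stunnel configuration, assuming the option ships as proposed above (global `compression` option, values `none`, `deflate`, `zlib`, `rle`, disabled by default). The file syntax it assumes and the sample configurations are constructed for illustration.

```python
# Added example: audit a stunnel configuration for the proposed global
# "compression" option. The option values are taken from the thread above.
ALLOWED = {"none", "deflate", "zlib", "rle"}

def effective_compression(conf_text):
    """Return (setting, problems) for the global section of a stunnel config.

    Assumptions: options are "name = value" lines, "[name]" starts a service
    section, lines starting with ';' or '#' are comments, last value wins.
    """
    setting = "none"  # thread: the default will be to disable compression
    problems = []
    in_service = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_service = True
            continue
        name, sep, value = line.partition("=")
        if not sep or name.strip().lower() != "compression":
            continue
        value = value.strip().lower()
        if in_service:
            problems.append(f"line {lineno}: compression is a global option, "
                            "found inside a service section")
        elif value not in ALLOWED:
            problems.append(f"line {lineno}: unknown compression value {value!r}")
        else:
            setting = value
    return setting, problems

# Constructed sample configurations (not from the thread).
SAMPLE_DEFAULT = """\
; no compression line at all
[https]
accept = 443
connect = 8080
"""
SAMPLE_ENABLED = """\
compression = deflate
[https]
accept = 443
compression = zlib
"""

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("enabled", SAMPLE_ENABLED)):
        print(label, effective_compression(text))
```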