Ouch. We were sometimes getting openssl compression by default. This is pointless for us, since the overwhelming majority of our cells are encrypted, full of compressed data, or both. This is also harmful, since doing piles of compression is not cheap. Backport candidate once more tested.

svn:r14830
author: Nick Mathewson <nickm@torproject.org> 2008-05-29 14:39:56 +0000
committer: Nick Mathewson <nickm@torproject.org> 2008-05-29 14:39:56 +0000
commit: 61ac80a9147c06fae616aee4a53dce1e18ebd7c2 (patch)
tree: c783ce92dc855402c5c9670ac13e41aa2919a5af /src
parent: 3a469018e54f20272425cf15ab6038f7d559ad1d (diff)
download: tor-61ac80a9147c06fae616aee4a53dce1e18ebd7c2.tar
tor-61ac80a9147c06fae616aee4a53dce1e18ebd7c2.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index b93117697..752ff6f8f 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -564,6 +564,10 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
 #endif
   SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
+  /* Don't actually allow compression; it uses ram and time, but the data
+   * we transmit is all encrypted anyway. */
+  if (result->ctx->comp_methods)
+    result->ctx->comp_methods = NULL;
 #ifdef SSL_MODE_RELEASE_BUFFERS
   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
 #endif
author	Nick Mathewson <nickm@torproject.org>	2008-05-29 14:39:56 +0000
committer	Nick Mathewson <nickm@torproject.org>	2008-05-29 14:39:56 +0000
commit	61ac80a9147c06fae616aee4a53dce1e18ebd7c2 (patch)
tree	c783ce92dc855402c5c9670ac13e41aa2919a5af /src
parent	3a469018e54f20272425cf15ab6038f7d559ad1d (diff)
download	tor-61ac80a9147c06fae616aee4a53dce1e18ebd7c2.tar tor-61ac80a9147c06fae616aee4a53dce1e18ebd7c2.tar.gz