Posted to commits@trafficserver.apache.org by zw...@apache.org on 2011/10/14 01:15:51 UTC

svn commit: r1183159 - in /trafficserver/traffic/trunk: CHANGES contrib/perl/AdminClient/lib/Apache/TS/AdminClient.pm iocore/net/SSLConfig.cc mgmt/RecordsConfig.cc proxy/config/records.config.default.in

Author: zwoop
Date: Thu Oct 13 23:15:51 2011
New Revision: 1183159

URL: http://svn.apache.org/viewvc?rev=1183159&view=rev
Log:
TS-747 Add a new option, proxy.config.ssl.compression, to turn SSL compression on / off. Currently only works with OpenSSL > 1.0.0

Modified:
    trafficserver/traffic/trunk/CHANGES
    trafficserver/traffic/trunk/contrib/perl/AdminClient/lib/Apache/TS/AdminClient.pm
    trafficserver/traffic/trunk/iocore/net/SSLConfig.cc
    trafficserver/traffic/trunk/mgmt/RecordsConfig.cc
    trafficserver/traffic/trunk/proxy/config/records.config.default.in

Modified: trafficserver/traffic/trunk/CHANGES
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/CHANGES?rev=1183159&r1=1183158&r2=1183159&view=diff
==============================================================================
--- trafficserver/traffic/trunk/CHANGES (original)
+++ trafficserver/traffic/trunk/CHANGES Thu Oct 13 23:15:51 2011
@@ -87,6 +87,10 @@ Changes with Apache Traffic Server 3.1.1
   *) [TS-930] Fixed TSNetConnect to use network order for port.
 
 Changes with Apache Traffic Server 3.1.0
+  *) [TS-747] Add a new option, proxy.config.ssl.compression, to turn
+   SSL compression on / off. This currently only works with OpenSSL
+   v1.0.0 and later.
+
   *) Make sure --enable-purify works again
 
   *) [TS-888] Fix SSL by enabling the right direction on successful setup.

Modified: trafficserver/traffic/trunk/contrib/perl/AdminClient/lib/Apache/TS/AdminClient.pm
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/contrib/perl/AdminClient/lib/Apache/TS/AdminClient.pm?rev=1183159&r1=1183158&r2=1183159&view=diff
==============================================================================
--- trafficserver/traffic/trunk/contrib/perl/AdminClient/lib/Apache/TS/AdminClient.pm (original)
+++ trafficserver/traffic/trunk/contrib/perl/AdminClient/lib/Apache/TS/AdminClient.pm Thu Oct 13 23:15:51 2011
@@ -700,6 +700,10 @@ The Apache Traffic Server Administration
  proxy.config.ssl.server.cert.path
  proxy.config.ssl.server.cipher_suite
  proxy.config.ssl.server.honor_cipher_order
+ proxy.config.ssl.SSLv2
+ proxy.config.ssl.SSLv3
+ proxy.config.ssl.TLSv1
+ proxy.config.ssl.compression
  proxy.config.ssl.server.multicert.filename
  proxy.config.ssl.server_port
  proxy.config.ssl.server.private_key.filename

Modified: trafficserver/traffic/trunk/iocore/net/SSLConfig.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/iocore/net/SSLConfig.cc?rev=1183159&r1=1183158&r2=1183159&view=diff
==============================================================================
--- trafficserver/traffic/trunk/iocore/net/SSLConfig.cc (original)
+++ trafficserver/traffic/trunk/iocore/net/SSLConfig.cc Thu Oct 13 23:15:51 2011
@@ -268,6 +268,11 @@ SslConfigParams::initialize()
   if (!options)
     ssl_ctx_options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 #endif
+#ifdef SSL_OP_NO_COMPRESSION
+  IOCORE_ReadConfigInteger(options, "proxy.config.ssl.compression");
+  if (!options)
+    ssl_ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
 
   IOCORE_ReadConfigString(serverCertFilename, "proxy.config.ssl.server.cert.filename", PATH_NAME_MAX);
   IOCORE_ReadConfigString(serverCertRelativePath, "proxy.config.ssl.server.cert.path", PATH_NAME_MAX);
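Review bot: When `SSL_OP_NO_COMPRESSION` is not defined (OpenSSL before 1.0.0), the added block compiles out entirely, so `proxy.config.ssl.compression` set to 0 is silently ignored and compression stays at the library default. An operator who turns it off to avoid leaking plaintext through compressed record lengths gets no sign that the setting had no effect. Add an `#else` branch that still reads the value and logs a warning when it is 0, stating that this build cannot disable compression. The block also reuses the `options` local from the preceding cipher-order read; a dedicated local such as `int ssl_compression = 1;` would keep the two settings from being confused. `SslConfigParams::initialize()` starts and ends outside this hunk, so the declaration of `options` is not visible here.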

Modified: trafficserver/traffic/trunk/mgmt/RecordsConfig.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/mgmt/RecordsConfig.cc?rev=1183159&r1=1183158&r2=1183159&view=diff
==============================================================================
--- trafficserver/traffic/trunk/mgmt/RecordsConfig.cc (original)
+++ trafficserver/traffic/trunk/mgmt/RecordsConfig.cc Thu Oct 13 23:15:51 2011
@@ -1304,6 +1304,8 @@ RecordElement RecordsConfig[] = {
   ,
   {RECT_CONFIG, "proxy.config.ssl.TLSv1", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.ssl.compression", RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+  ,
   {RECT_CONFIG, "proxy.config.ssl.accelerator_required", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.ssl.accelerator.type", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
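Review bot: The new record defaults to `"1"`, so every installation that does not set the option runs with SSL/TLS compression enabled. Record-layer compression lets ciphertext length reveal information about secrets that share a stream with attacker-influenced data (the CRIME class of attack), so off is the safer default. Consider `{RECT_CONFIG, "proxy.config.ssl.compression", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}`. The same default appears in the `records.config.default.in` hunk as `CONFIG proxy.config.ssl.compression INT 1` and should change with it.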

Modified: trafficserver/traffic/trunk/proxy/config/records.config.default.in
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/proxy/config/records.config.default.in?rev=1183159&r1=1183158&r2=1183159&view=diff
==============================================================================
--- trafficserver/traffic/trunk/proxy/config/records.config.default.in (original)
+++ trafficserver/traffic/trunk/proxy/config/records.config.default.in Thu Oct 13 23:15:51 2011
@@ -486,6 +486,9 @@ CONFIG proxy.config.ssl.TLSv1 INT 1
    # Our default SSL Cipher Suite tries to be reasonably fast and strong.
 CONFIG proxy.config.ssl.server.cipher_suite STRING RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
 CONFIG proxy.config.ssl.server.honor_cipher_order INT 0
+   # Control if SSL should perform content compression or not
+CONFIG proxy.config.ssl.compression INT 1
+   # SSL port (unfortunately, only one at this time)
 CONFIG proxy.config.ssl.server_port INT 443
    # Client certification level should be:
    # 0 no client certificates
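Review bot: The added comment above `proxy.config.ssl.compression` does not say which value disables compression, nor that the setting has no effect on builds against OpenSSL older than 1.0.0, which is what the commit log states. Both matter to an operator who relies on this switch. Suggested wording: `# Set to 0 to disable SSL/TLS compression, 1 to allow it. Requires OpenSSL 1.0.0` followed by `# or later; with older OpenSSL this setting is ignored.`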