diff -ru openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod --- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-01-15 16:43:14.000000000 -0200 +++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-03-27 15:18:47.280054883 -0200 @@ -47,6 +47,13 @@ been standardized, the compression API will most likely be changed. Using it in the current state is not recommended. +It is also not recommended to use compression if data transfered contain +untrusted parts that can be manipulated by an attacker as he could then +get information about the encrypted data. See the CRIME attack. For +that reason the default loading of the zlib compression method is +disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB> +is present during the library initialization. + =head1 RETURN VALUES SSL_COMP_add_compression_method() may return the following values: diff -ru openssl-1.0.2a.orig/ssl/ssl_ciph.c openssl-1.0.2a/ssl/ssl_ciph.c --- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-03-19 15:30:36.000000000 -0200 +++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-03-27 15:23:05.960057092 -0200 @@ -141,6 +141,8 @@ */ #include <stdio.h> +#include <stdlib.h> +#include <sys/auxv.h> #include <openssl/objects.h> #ifndef OPENSSL_NO_COMP # include <openssl/comp.h> @@ -481,7 +483,7 @@ MemCheck_off(); ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) { + if (ssl_comp_methods != NULL && getauxval(AT_SECURE) == 0 && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) { comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); if (comp != NULL) { comp->method = COMP_zlib();