Bug 1370893 - Disable compression. r=ttaubert
authorEKR <ekr@rtfm.com>
Mon, 04 Sep 2017 06:11:51 -0700
changeset 13561 d7c1635da93034480d015e4c85c71a06a752ab3c
parent 13560 2c667cbaefcbd969e9f6863aa1c41d3c723dc1d2
child 13562 4bf658832d8960a070dd0ce2baea49a4276461a1
push id2349
push userekr@mozilla.com
push dateMon, 04 Sep 2017 16:28:01 +0000
reviewersttaubert
bugs1370893
Bug 1370893 - Disable compression. r=ttaubert Bug #: 1370893 Differential Revision: https://phabricator.services.mozilla.com/D27
gtests/ssl_gtest/ssl_loopback_unittest.cc
lib/ssl/ssl3con.c
--- a/gtests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/gtests/ssl_gtest/ssl_loopback_unittest.cc
@@ -221,24 +221,24 @@ TEST_P(TlsConnectStream, ShortRead) {
   // Read the first tranche.
   client_->ReadBytes(20);
   ASSERT_EQ(20U, client_->received_bytes());
   // The second tranche should now immediately be available.
   client_->ReadBytes();
   ASSERT_EQ(50U, client_->received_bytes());
 }
 
-TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
+// We enable compression via the API but it's disabled internally,
+// so we should never get it.
+TEST_P(TlsConnectGeneric, ConnectWithCompressionEnabled) {
   EnsureTlsSetup();
   client_->EnableCompression();
   server_->EnableCompression();
   Connect();
-  EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 &&
-                variant_ != ssl_variant_datagram,
-            client_->is_compressed());
+  EXPECT_FALSE(client_->is_compressed());
   SendReceive();
 }
 
 TEST_P(TlsConnectDatagram, TestDtlsHolddownExpiry) {
   Connect();
   std::cerr << "Expiring holddown timer\n";
   SSLInt_ForceTimerExpiry(client_->ssl_fd());
   SSLInt_ForceTimerExpiry(server_->ssl_fd());
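Review bot: The renamed test ConnectWithCompressionEnabled asserts only `client_->is_compressed()`, so the server side of the same connection is never checked. Adding `EXPECT_FALSE(server_->is_compressed());` after the client assertion would pin both ends, assuming server_ exposes the same accessor as client_. Both endpoints here are NSS with compression compiled out, so the test shows that NSS does not negotiate deflate with itself, not that the client refuses a peer that selects a non-null method in its ServerHello. A separate case for that path would be worth having.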
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -1,8 +1,9 @@
+
 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * SSL3 Protocol
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
@@ -228,21 +229,25 @@ static const SSLCompressionMethod ssl_co
 static const unsigned int ssl_compression_method_count =
     PR_ARRAY_SIZE(ssl_compression_methods);
 
 /* compressionEnabled returns true iff the compression algorithm is enabled
  * for the given SSL socket. */
 static PRBool
 ssl_CompressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
 {
-    SSL3ProtocolVersion version;
-
     if (compression == ssl_compression_null) {
         return PR_TRUE; /* Always enabled */
     }
+/* Compression was disabled in NSS 3.33. It is temporarily possible
+     * to re-enable it by unifdefing the following block. We will remove
+     * compression entirely in future versions of NSS. */
+#if 0
+    SSL3ProtocolVersion version;
+
     if (ss->sec.isServer) {
         /* We can't easily check that the client didn't attempt TLS 1.3,
          * so this will have to do. */
         PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
         version = ss->version;
     } else {
         version = ss->vrange.max;
     }
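Review bot: The header comment on ssl_CompressionEnabled still says it returns true iff the method is enabled for the given socket, but with the `#if 0` block in place the new code never reads `ss` or `ss->opt.enableDeflate`, and every non-null method falls through to the `return PR_FALSE` in the next hunk. I would reword it to `/* Returns PR_TRUE only for ssl_compression_null; all other methods are compiled out, so ss->opt.enableDeflate has no effect. */` so callers that set the deflate option are not misled. The added comment also opens at column 0 while its continuation lines are indented; starting it as `    /* Compression was disabled in NSS 3.33. ...` keeps it aligned with the body. With the block compiled out `ss` looks unused, which may warn in builds that enable -Wunused-parameter. The function body ends in the following hunk.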
@@ -252,16 +257,17 @@ ssl_CompressionEnabled(sslSocket *ss, SS
 #ifdef NSS_SSL_ENABLE_ZLIB
     if (compression == ssl_compression_deflate) {
         if (IS_DTLS(ss)) {
             return PR_FALSE;
         }
         return ss->opt.enableDeflate;
     }
 #endif
+#endif
     return PR_FALSE;
 }
 
 static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = {
     ct_RSA_sign,
     ct_ECDSA_sign,
     ct_DSS_sign,
 };
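Review bot: The added `#endif` sits directly under the `#endif` that closes `NSS_SSL_ENABLE_ZLIB` and carries no label, so it is easy to misread which conditional each one closes. Writing them as `#endif /* NSS_SSL_ENABLE_ZLIB */` and `#endif /* 0: compression disabled */` makes the nesting explicit and makes the dead block easy to find when compression is removed for good. ssl_CompressionEnabled starts in the previous hunk.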