From 459e6a70baff87f7554a4d858681aeb9d0883f70 Mon Sep 17 00:00:00 2001 From: Debian Qt/KDE Maintainers Date: Tue, 5 Feb 2013 21:52:29 +0000 Subject: [PATCH] disable-SSL-compression-by-default Gbp-Pq: Name disable-SSL-compression-by-default.patch --- src/network/ssl/qssl.cpp | 5 +++-- src/network/ssl/qsslconfiguration.cpp | 4 +++- src/network/ssl/qsslconfiguration_p.h | 4 +++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index e22598458..322bbaea8 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -148,8 +148,9 @@ QT_BEGIN_NAMESPACE By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation - is also turned on, since it introduces a security risk. The other options - are turned off. + is also turned on, since it introduces a security risk. + SslOptionDisableCompression is turned on to prevent the attack publicised by + CRIME. The other options are turned off. Note: Availability of above options depends on the version of the SSL backend in use. diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 0eb01b85c..968b3f6ee 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -201,7 +201,9 @@ bool QSslConfiguration::isNull() const d->privateKey.isNull() && d->peerCertificate.isNull() && d->peerCertificateChain.count() == 0 && - d->sslOptions == (QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)); + d->sslOptions == ( QSsl::SslOptionDisableEmptyFragments + |QSsl::SslOptionDisableLegacyRenegotiation + |QSsl::SslOptionDisableCompression)); } /*! diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index b2a76d456..7ee34ea6e 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h 
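Review bot: The sentence added to the option documentation in qssl.cpp reads oddly ("the attack publicised by CRIME" — CRIME is the attack's name) and does not tell readers how to get the previous behaviour back. Suggested wording: `SslOptionDisableCompression is turned on to mitigate the CRIME attack on TLS compression; call QSslConfiguration::setSslOption() to turn compression back on.` The "Availability of above options depends on the version of the SSL backend" note just below applies to this flag too. It would help to say here that on a backend without support the default may have no effect.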
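Review bot: The mask compared in QSslConfiguration::isNull() is a second hand-written copy of the three-flag expression that the constructor initialiser in qsslconfiguration_p.h also spells out. If the two copies drift, a default-constructed configuration stops reporting isNull() as true, and the next security default added at one site is easy to miss at the other. Consider a single named constant used by both, for example `static const QSsl::SslOptions defaultSslOptions;` on the private class, with `d->sslOptions == QSslConfigurationPrivate::defaultSslOptions` here. isNull() starts above this hunk, so its earlier comparisons are not visible.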
@@ -83,7 +83,9 @@ public: : protocol(QSsl::SecureProtocols), peerVerifyMode(QSslSocket::AutoVerifyPeer), peerVerifyDepth(0), - sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation) + sslOptions(QSsl::SslOptionDisableEmptyFragments + |QSsl::SslOptionDisableLegacyRenegotiation + |QSsl::SslOptionDisableCompression) { } QSslCertificate peerCertificate; -- 2.30.2
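Review bot: Nothing in this patch pins the new default with a test; the diffstat lists only the three source files. A check such as `QVERIFY(QSslConfiguration().testSslOption(QSsl::SslOptionDisableCompression));` next to `QVERIFY(QSslConfiguration().isNull());` would catch a later edit that drops the flag from this initialiser or from the isNull() mask. The new default also reaches only configurations built through this constructor. Callers that set their option flags explicitly presumably keep compression enabled unless they add the flag themselves, which is worth a release note. The constructor's signature is outside the hunk.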