Commit 19fc943f authored by Travis Cross

Mitigate the CRIME TLS flaw

If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.

This is CVE-2012-4929.

FS-6360 --resolve

Thanks-to: Brian West <brian@freeswitch.org>
Parent 2b651b9a
......@@ -334,6 +334,8 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
SSL_CTX_set_options(tls->ctx, SSL_OP_NO_TLSv1_2);
SSL_CTX_sess_set_remove_cb(tls->ctx, NULL);
SSL_CTX_set_timeout(tls->ctx, ti->timeout);
/* CRIME (CVE-2012-4929) mitigation */
SSL_CTX_set_options(tls->ctx, SSL_OP_NO_COMPRESSION);
/* Set callback if we have a passphrase */
if (ti->passphrase != NULL) {
......
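Review bot: the added `SSL_CTX_set_options(tls->ctx, SSL_OP_NO_COMPRESSION);` call in tls_init_context() has no preprocessor guard, and `SSL_OP_NO_COMPRESSION` is only defined by OpenSSL 1.0.0 and later, so this file will stop compiling against older headers. Wrap the call in `#ifdef SSL_OP_NO_COMPRESSION` and decide in the `#else` branch whether to fail the build or disable compression another way, so that the CRIME mitigation is never silently absent. The comment above the call could also say that this disables TLS-level compression for every connection created from this context, which is the property the commit message relies on.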