[PATCH] tls: set SSL_OP_NO_COMPRESSION explicitly

[PATCH] tls: set SSL_OP_NO_COMPRESSION explicitly

[Eric Wong]

TLS compression is susceptible to the CRIME attack and
per-connection zlib contexts waste memory for idle clients.

While compression should already be off by default in modern OpenSSL;
Net::SSLeay::CTX_get_mode reveals OP_NO_COMPRESSION was not set
when created by IO::Socket::SSL::SSL_Context->new.  So set it
explicitly to ensure it's really off.
---
 lib/PublicInbox/TLS.pm | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/PublicInbox/TLS.pm b/lib/PublicInbox/TLS.pm
index 3ce57f1b..9a829def 100644
--- a/lib/PublicInbox/TLS.pm
+++ b/lib/PublicInbox/TLS.pm
@@ -3,7 +3,7 @@
 
 # IO::Socket::SSL support code
 package PublicInbox::TLS;
-use strict;
+use v5.12;
 use IO::Socket::SSL;
 use PublicInbox::Syscall qw(EPOLLIN EPOLLOUT);
 use Carp qw(carp croak);
@@ -24,13 +24,16 @@ sub _ctx_new ($) {
 				@{$tlsd->{ssl_ctx_opt}}, SSL_server => 1) or
 		croak "SSL_Context->new: $SSL_ERROR";
 
-	# save ~34K per idle connection (cf. SSL_CTX_set_mode(3ssl))
+	# SSL_MODE_RELEASE_BUFFERS saves ~34K per idle connection
+	# (cf. SSL_CTX_set_mode(3ssl))
 	# RSS goes from 346MB to 171MB with 10K idle NNTPS clients on amd64
 	# cf. https://rt.cpan.org/Ticket/Display.html?id=129463
-	my $mode = eval { Net::SSLeay::MODE_RELEASE_BUFFERS() };
-	if ($mode && $ctx->{context}) {
+	# SSL_OP_NO_COMPRESSION should be the default in OpenSSL nowadays:
+	# it avoids the CRIME attack and zlib memory overhead
+	for my $f (qw(MODE_RELEASE_BUFFERS OP_NO_COMPRESSION)) {
+		my $mode = eval "Net::SSLeay::$f()" or next;
 		eval { Net::SSLeay::CTX_set_mode($ctx->{context}, $mode) };
-		warn "W: $@ (setting SSL_MODE_RELEASE_BUFFERS)\n" if $@;
+		warn "W: $@ (setting SSL_$f)\n" if $@;
 	}
 	$ctx;
 }