mirror of
http://git.haproxy.org/git/haproxy.git
synced 2026-02-04 02:13:32 +02:00
6995fe60c3
This option allows to disable the certificate compression (RFC 8879) using OpenSSL >= 3.2.0. This feature is known to permit some denial of services by causing extra memory allocations of approximately 22MiB and extra CPU work per connection with OpenSSL versions affected by CVE-2025-66199. ( https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-66199 ) Setting this to "off" permits to mitigate the problem. Must be backported to every stable branches.