diff options.h @ 996:47643024fc90

Disable non-delayed zlib for server
author Matt Johnston <matt@ucc.asn.au>
date Wed, 28 Jan 2015 21:38:27 +0800
parents 6fb4c010c448
children a1e79ffa5862
line wrap: on
line diff
--- a/options.h	Sat Jan 24 00:05:26 2015 +0800
+++ b/options.h	Wed Jan 28 21:38:27 2015 +0800
@@ -174,6 +174,11 @@
 #define DROPBEAR_ZLIB_WINDOW_BITS 15 
 #endif
 
+/* Server won't allow zlib compression until after authentication. Prevents
+   flaws in the zlib library being unauthenticated exploitable flaws.
+   Some old ssh clients may not support the alternative [email protected] method */
+#define DROPBEAR_SERVER_DELAY_ZLIB 1
+
 /* Whether to do reverse DNS lookups. */
 /*#define DO_HOST_LOOKUP */