Disable non-delayed zlib for server

author: Matt Johnston <matt@ucc.asn.au> 2015-01-28 21:38:27 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2015-01-28 21:38:27 +0800
commit: a7a79d569a41b282da63c159fc8032b4472a2a73 (patch)
tree: 8eb7d57e766727bd1c8c720f2093f41adefa880d /options.h
parent: 6165f53fcd6be9bb06fc3cd29e8640bb14d95111 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/options.h b/options.h
index 644ec72..6339b0a 100644
--- a/options.h
+++ b/options.h
@@ -174,6 +174,11 @@ much traffic. */
 #define DROPBEAR_ZLIB_WINDOW_BITS 15 
 #endif
 
+/* Server won't allow zlib compression until after authentication. Prevents
+   flaws in the zlib library being unauthenticated exploitable flaws.
+   Some old ssh clients may not support the alternative zlib@openssh.com method */
+#define DROPBEAR_SERVER_DELAY_ZLIB 1
+
 /* Whether to do reverse DNS lookups. */
 /*#define DO_HOST_LOOKUP */
author	Matt Johnston <matt@ucc.asn.au>	2015-01-28 21:38:27 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2015-01-28 21:38:27 +0800
commit	a7a79d569a41b282da63c159fc8032b4472a2a73 (patch)
tree	8eb7d57e766727bd1c8c720f2093f41adefa880d /options.h
parent	6165f53fcd6be9bb06fc3cd29e8640bb14d95111 (diff)