Bug 1370893 - Disable compression. r=ttaubert

Bug #: 1370893

Differential Revision: https://phabricator.services.mozilla.com/D27

gtests/ssl_gtest/ssl_loopback_unittest.cc

@@ -226,14 +226,14 @@ TEST_P(TlsConnectStream, ShortRead) {
   ASSERT_EQ(50U, client_->received_bytes());
 }
 
-TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
+// We enable compression via the API but it's disabled internally,
+// so we should never get it.
+TEST_P(TlsConnectGeneric, ConnectWithCompressionEnabled) {
   EnsureTlsSetup();
   client_->EnableCompression();
   server_->EnableCompression();
   Connect();
-  EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 &&
-                variant_ != ssl_variant_datagram,
-            client_->is_compressed());
+  EXPECT_FALSE(client_->is_compressed());
   SendReceive();
 }
 

lib/ssl/ssl3con.c

@@ -1,3 +1,4 @@
+
 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * SSL3 Protocol
@@ -233,11 +234,15 @@ static const unsigned int ssl_compression_method_count =
 static PRBool
 ssl_CompressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
 {
-    SSL3ProtocolVersion version;
-
     if (compression == ssl_compression_null) {
         return PR_TRUE; /* Always enabled */
     }
+/* Compression was disabled in NSS 3.33. It is temporarily possible
+     * to re-enable it by unifdefing the following block. We will remove
+     * compression entirely in future versions of NSS. */
+#if 0
+    SSL3ProtocolVersion version;
+
     if (ss->sec.isServer) {
         /* We can't easily check that the client didn't attempt TLS 1.3,
          * so this will have to do. */
@@ -256,6 +261,7 @@ ssl_CompressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
         }
         return ss->opt.enableDeflate;
     }
+#endif
 #endif
     return PR_FALSE;
 }