From 588b66f152a6374ecefca17a1a8947c36ac29664 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Mar 2014 10:30:38 +0100
Subject: [PATCH] Add a warning against compression in config.h
---
 include/polarssl/config.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index c22830b1b..8b6a8621f 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -345,6 +345,10 @@
 * If set, the SSL/TLS module uses ZLIB to support compression and
 * decompression of packet data.
 *
+ * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
+ * CRIME attack. Before enabling this option, you should examine with care if
+ * CRIME or similar exploits may be a applicable to your use case.
+ *
 * Used in: library/ssl_tls.c
 * library/ssl_cli.c
 * library/ssl_srv.c
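Review bot: The last sentence of the added `\warning` has a typo, `may be a applicable`, and it tells the integrator to "examine with care" without saying what to look for. I would name the condition that makes compression dangerous, for example `* CRIME or similar exploits may be applicable to your use case, i.e. whether` / `* secret data and attacker-influenced data can end up in the same compressed` / `* stream while record lengths are observable on the wire.` The comment block starts and ends outside the hunk, so I cannot see whether the option is shipped commented out. If it is, adding "leave this disabled unless required" to the warning would make the safe default explicit.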