I assume the questions is only about dropping compression in the TLS
protocol?
I have no problem with that, but I would like keep the ability to use
compression
in BIO filers so please don't drop zlib support all together.
Thanks,
/leif
On 03/04/15 21:53, Salz, Rich wrote:
I am thinking about removing compression and would like to know what
the community thinks.
At a minimum, I am going to remove the ability to add compression at
run-time. This was never really documented. Moving forward, if
someone wants to add a new compression scheme they will need to modify
the OpenSSL source. This means COMP_METHOD becomes an internal datatype.
But on a larger scale, does anyone use TLS compression? It has
certainly caused problems with HTTP (see
http://en.wikipedia.org/wiki/CRIME). And the best practice these days
is to do it at the application layer, and feed the compressed bytes
down to TLS.
If this will cause problems for you, please post on the list, ideally
within the next week.
Thanks.
--
Senior Architect, Akamai Technologies
IM: [email protected] Twitter: RichSalz
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
