On Sun, Mar 11, 2018 at 12:36 AM, Peter Eisentraut wrote:

> On 3/9/18 09:06, Magnus Hagander wrote:
> > What platform does that actually work out of the box on? I have
> > customers who actively want to use it (for compression, not security --
> > replication across limited and metered links), and the amount of
> > workarounds they have to put in place OS level to get it working is
> > increasingly complicated.
> It was disabled in OpenSSL 1.1.0:

I am not talking about the OpenSSL disabling it. It was disabled on most
*distributions* years ago, long before that commit. Which is why I'm still
curious as to what platform you actually got it enabled by default on...

Like the stuff here:

>   *) CRIME protection: disable compression by default, even if OpenSSL is
>      compiled with zlib enabled. Applications can still enable compression
>      by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
>      using the SSL_CONF library to configure compression.
>      [Emilia Käsper]
>
> So for your purposes, you could add a server option to turn it back on.
>
> Such a server option would also be useful for those users who are using
> OpenSSL <1.1.0 and want to turn off compression on the server side.

We'd probably have to put in the distribution specific workarounds like
mentioned above to make it actually useful for that.

 Magnus Hagander

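The server option discussed in this thread, sketched as an added example (not code from the thread or from PostgreSQL): a hypothetical three-valued setting applied to a TLS context, using Python's `ssl` wrapper around the same `SSL_OP_NO_COMPRESSION` bit named in the quoted changelog. The setting values and function names are assumptions made for illustration.

```python
import ssl

# Hypothetical setting values (not an existing PostgreSQL parameter):
#   "on"      -> permit TLS compression (clear SSL_OP_NO_COMPRESSION)
#   "off"     -> forbid it (set SSL_OP_NO_COMPRESSION)
#   "default" -> leave whatever the library or wrapper configured
VALID = ("on", "off", "default")
NO_COMP = int(ssl.OP_NO_COMPRESSION)


def library_disables_by_default(version_info=ssl.OPENSSL_VERSION_INFO):
    """Per the changelog quoted above, OpenSSL 1.1.0 and later start with
    compression disabled even when built with zlib."""
    return tuple(version_info[:3]) >= (1, 1, 0)


def compression_permitted(ctx):
    """True when the context's option bits do not forbid compression."""
    return not (int(ctx.options) & NO_COMP)


def apply_compression_setting(ctx, setting):
    """Apply the hypothetical setting; return whether compression is permitted."""
    setting = setting.strip().lower()
    if setting not in VALID:
        raise ValueError("setting must be one of %s" % ", ".join(VALID))
    opts = int(ctx.options)
    if setting == "on":
        # Same effect as SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION).
        ctx.options = opts & ~NO_COMP
    elif setting == "off":
        # Useful on OpenSSL < 1.1.0, where compression may be on by default.
        ctx.options = opts | NO_COMP
    return compression_permitted(ctx)


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION,
          "| off by default:", library_disables_by_default())
    for value in VALID:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        print("%-7s -> permitted=%s" % (value, apply_compression_setting(ctx, value)))
    # "permitted" only reflects the option bit. A build without zlib still
    # negotiates no compression; after a handshake, SSLSocket.compression()
    # reports the method actually in use, or None.
```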