Hi Daniel, Actually, I’m considering the improvement, by using cached compressed certificates, for the implementation. The solution is not straightforward yet to me. But it is a direction I will consider seriously.
Thanks, Xuelei > On Apr 13, 2022, at 1:01 PM, Daniel Jeliński <djelins...@gmail.com> wrote: > > I like the idea of implementing certificate compression. Only one > concern: TLS handshakes are generally a CPU-intensive operation, and > certificate compression / decompression will only make it worse. Will > it be possible to compress a certificate once and use it across > multiple handshakes? Decompression has to be performed every time, > obviously. > > Regards, > Daniel > > pon., 21 mar 2022 o 16:49 xueleifan(XueleiFan) <xuelei...@tencent.com> > napisał(a): >> >> Hi, >> >> >> The JDK Enhancement Proposal, TLS Certificate Compression, has been opened >> for community review. Detailed, please refer to the draft: >> >> https://bugs.openjdk.java.net/browse/JDK-8281710 >> >> and the discussion of this potential feature at security-dev: >> >> >> https://mail.openjdk.java.net/pipermail/security-dev/2022-March/029242.html >> >> >> Please feel free to make comments and review the JEP. >> >> Thanks, >> Xuelei >