[openssl-dev] removing compression?

Alexey Melnikov alexey.melnikov at isode.com
Tue Apr 7 16:00:19 UTC 2015


Hi Rich,

On 03/04/2015 20:53, Salz, Rich wrote:
>
> I am thinking about removing compression and would like to know what 
> the community thinks.
>
> At a minimum, I am going to remove the ability to add compression at 
> run-time.  This was never really documented. Moving forward, if 
> someone wants to add a new compression scheme they will need to modify 
> the OpenSSL source.  This means COMP_METHOD becomes an internal datatype.
>
> But on a larger scale, does anyone use TLS compression?  It has 
> certainly caused problems with HTTP (see 
> http://en.wikipedia.org/wiki/CRIME). And the best practice these days 
> is to do it at the application layer, and feed the compressed bytes 
> down to TLS.
>
> If this will cause problems for you, please post on the list, ideally 
> within the next week.
>
Isode is using TLS compression with IMAP and XMPP, so removing 
compression altogether would be an inconvenience. We don't use adding 
compression at run-time.

Best Regards,
Alexey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150407/e32fc581/attachment.html>


More information about the openssl-dev mailing list