[openssl-users] removing compression?

Salz, Rich rsalz at akamai.com
Fri Apr 3 19:53:59 UTC 2015


I am thinking about removing compression and would like to know what the community thinks.

At a minimum, I am going to remove the ability to add compression at run-time.  This was never really documented. Moving forward, if someone wants to add a new compression scheme they will need to modify the OpenSSL source.  This means COMP_METHOD becomes an internal datatype.


But on a larger scale, does anyone use TLS compression?  It has certainly caused problems with HTTP (see http://en.wikipedia.org/wiki/CRIME). And the best practice these days is to do it at the application layer, and feed the compressed bytes down to TLS.

If this will cause problems for you, please post on the list, ideally within the next week.

Thanks.

--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150403/c03febbf/attachment.html>


More information about the openssl-users mailing list