removing compression?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am thinking about removing compression and would like to know what the community thinks.

At a minimum, I am going to remove the ability to add compression at run-time.  This was never really documented. Moving forward, if someone wants to add a new compression scheme they will need to modify the OpenSSL source.  This means COMP_METHOD becomes an internal datatype.


But on a larger scale, does anyone use TLS compression?  It has certainly caused problems with HTTP (see http://en.wikipedia.org/wiki/CRIME). And the best practice these days is to do it at the application layer, and feed the compressed bytes down to TLS.

If this will cause problems for you, please post on the list, ideally within the next week.

Thanks.

--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150403/c03febbf/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux