Closed
Bug 307121
Opened 19 years ago
Closed 19 years ago
NSS does not support SSL compression (RFC 3749)
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 275744
People
(Reporter: gvz, Assigned: wtc)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 Quite few people know: SSLv3 + TLS Hello do not only negotiate the cipher algorithms, but also the list of supported compression algorithms. In May 2004, RFC 3749 made Code 1 for gzip/deflate compression the first standard SSL compression algorith. OpenSSL 0.9.8 (when compiled with "zlib") supports it from the scratch, so Apache with OpenSSL 0.9.8 (zlib) does. Once SSLv2 support is dropped, SSL compression might be *the* standard compression. Right: HTTP has its compression algorith, but SMTP / IMAP do not. So, e.g. Thunderbird with an OpenSSL based server on the other side would use compresion - based on open standards. Sorry, I am certainly not the expert for this issue - but my impression is nearly nobody knows about SSL compression. Sorry, if I am wrong. Reproducible: Always Steps to Reproduce: For testing a working SSL compression, do e.g.: - Build OpenSSL 0.9.8 with "zlib"-option - Start a background tcpdump/snoop - Type: openssl s_client -ssl3 -connect www.vodafone.de:443 If SSL compression is supported, the following output will appear: ... SSL-Session: Protocol : SSLv3 ... Cipher : DHE-RSA-AES256-SHA ... Key-Arg : None Compression: 1 (zlib compression) Start Time: 1125934288 ... Now you can compare your packet sniffing results with non-ssl-compression sites.
Comment 1•19 years ago
|
||
*** This bug has been marked as a duplicate of 275744 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•