Closed
Bug 1409587
Opened 7 years ago
Closed 7 years ago
Remove TLS compression
Categories
(NSS :: Libraries, enhancement, P1)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
Future
People
(Reporter: mt, Assigned: mt)
References
Details
Attachments
(1 file)
Compression in TLS is a maintenance burden and a security hazard. We've disabled it, so we should now remove the code that implements it. We will keep the ability to enable it and even report success when applications do that. This ensures that we don't break applications that expect to be able to enable compression. The patch that I have prepared doesn't remember that compression was enabled, so those applications that retrieve the configuration will see that it is in fact disabled. If this is seen as a compatibility risk, we can remember that they set the option.
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → martin.thomson
Updated•7 years ago
|
Priority: -- → P1
Comment 1•7 years ago
|
||
Comment on attachment 8919544 [details] Bug 1409587 - Remove TLS compression, r?ekr Eric Rescorla (:ekr) has approved the revision. https://phabricator.services.mozilla.com/D136#3500
Attachment #8919544 -
Flags: review+
Assignee | ||
Comment 2•7 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/5ba8fb8bfa3599905f2eb40f7bab43d6a8ff2244
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Future
You need to log in
before you can comment on or make changes to this bug.
Description
•