Closed Bug 1409587 Opened 7 years ago Closed 7 years ago

Remove TLS compression

Categories

(NSS :: Libraries, enhancement, P1)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Future

People

(Reporter: mt, Assigned: mt)

References

Details

Attachments

(1 file)

Bug 1409587 - Remove TLS compression, r?ekr
45 bytes, text/x-phabricator-request
ekr
: review+
Details | Review 
Compression in TLS is a maintenance burden and a security hazard.  We've disabled it, so we should now remove the code that implements it.

We will keep the ability to enable it and even report success when applications do that.  This ensures that we don't break applications that expect to be able to enable compression.

The patch that I have prepared doesn't remember that compression was enabled, so those applications that retrieve the configuration will see that it is in fact disabled.  If this is seen as a compatibility risk, we can remember that they set the option.
Assignee: nobody → martin.thomson
Priority: -- → P1
Comment on attachment 8919544 [details]
Bug 1409587 - Remove TLS compression, r?ekr

Eric Rescorla (:ekr) has approved the revision.

https://phabricator.services.mozilla.com/D136#3500
Attachment #8919544 - Flags: review+
https://hg.mozilla.org/projects/nss/rev/5ba8fb8bfa3599905f2eb40f7bab43d6a8ff2244
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Future
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: