Support zstd certificate compression for TLS
Categories
(Core :: Networking: HTTP, enhancement, P3)
Tracking
()
People
(Reporter: jesup, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
Support zstd certificate compression to reduce the size of certificates and speed up TLS negotiation
Reporter | ||
Updated•2 months ago
|
Comment 1•2 months ago
•
|
||
Hey, FYI, I am working on a patch to enabling zlib for certificate compression (https://phabricator.services.mozilla.com/D203909).
My next target is supposed to be zstd. Would you prefer if I implemented the patch?
Here is the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1881027
Reporter | ||
Comment 2•2 months ago
|
||
Yes, that'd be great. The library import is here: https://phabricator.services.mozilla.com/D197296 and the http decompression support is here: https://phabricator.services.mozilla.com/D205109
Overall it doesn't look that hard, from what I saw in the zlib patches. (The decompression support includes some stuff for compression; that's leftover from when I was planning to put it all in a sandbox. Without that, I can remove the compression support that's currently in nsHTTPCompressConv -- but it's probably useful for you to see as an example.) Zstd compression using ZSTD_compressStream() is pretty straightforward. You'll need to choose a compression level I assume.
Question: does the TLS cert compression run in the Parent Process? (I assume so). Does it ever see arbitrary data under the control of a website? (I assume not -- I imagine it might compress user-supplied certs, which isn't the same thing.)
Thanks!
Comment 3•1 month ago
|
||
Hi,
I will try to enable zstd as soon as we have the other compression algorithms enabled :)
Reporter | ||
Updated•1 month ago
|
Description
•