Open Bug 1884301 Opened 1 month ago Updated 4 days ago

Support zstd certificate compression for TLS


(Core :: Networking: HTTP, enhancement, P3)





(Reporter: jesup, Unassigned)


(Blocks 1 open bug)


(Whiteboard: [necko-triaged])

Support zstd certificate compression to reduce the size of certificates and speed up TLS negotiation

Blocks: 1884305
No longer blocks: zstd

Hey, FYI, I am working on a patch to enabling zlib for certificate compression (

My next target is supposed to be zstd. Would you prefer if I implemented the patch?

Here is the bug:

Flags: needinfo?(rjesup)

Yes, that'd be great. The library import is here: and the http decompression support is here:

Overall it doesn't look that hard, from what I saw in the zlib patches. (The decompression support includes some stuff for compression; that's leftover from when I was planning to put it all in a sandbox. Without that, I can remove the compression support that's currently in nsHTTPCompressConv -- but it's probably useful for you to see as an example.) Zstd compression using ZSTD_compressStream() is pretty straightforward. You'll need to choose a compression level I assume.

Question: does the TLS cert compression run in the Parent Process? (I assume so). Does it ever see arbitrary data under the control of a website? (I assume not -- I imagine it might compress user-supplied certs, which isn't the same thing.)


Flags: needinfo?(rjesup) → needinfo?(nkulatova)


I will try to enable zstd as soon as we have the other compression algorithms enabled :)

Flags: needinfo?(nkulatova)
Severity: -- → N/A
Priority: -- → P3
Whiteboard: [necko-triaged]
You need to log in before you can comment on or make changes to this bug.