All users were logged out of Bugzilla on October 13th, 2018

NSS does not support SSL compression (RFC 3749)

VERIFIED DUPLICATE of bug 275744

Status

--
enhancement
VERIFIED DUPLICATE of bug 275744
13 years ago
13 years ago

People

(Reporter: gvz, Assigned: wtc)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6

Quite few people know: SSLv3 + TLS Hello do not only negotiate the cipher
algorithms, but also the list of supported compression algorithms. In May 2004,
RFC 3749 made Code 1 for gzip/deflate compression the first standard SSL
compression algorith. OpenSSL 0.9.8 (when compiled with "zlib") supports it from
the scratch, so Apache with OpenSSL 0.9.8 (zlib) does.
Once SSLv2 support is dropped, SSL compression might be *the* standard
compression. Right: HTTP has its compression algorith, but SMTP / IMAP do not.
So, e.g. Thunderbird with an OpenSSL based server on the other side would use
compresion - based on open standards.

Sorry, I am certainly not the expert for this issue - but my impression is
nearly nobody knows about SSL compression. Sorry, if I am wrong.

Reproducible: Always

Steps to Reproduce:
For testing a working SSL compression, do e.g.:
- Build OpenSSL 0.9.8 with "zlib"-option
- Start a background tcpdump/snoop
- Type: openssl s_client -ssl3 -connect www.vodafone.de:443
If SSL compression is supported, the following output will appear:
...
SSL-Session:
    Protocol  : SSLv3
...
    Cipher    : DHE-RSA-AES256-SHA
...
    Key-Arg   : None
   Compression: 1 (zlib compression)
    Start Time: 1125934288
...

Now you can compare your packet sniffing results with non-ssl-compression sites.

Comment 1

13 years ago

*** This bug has been marked as a duplicate of 275744 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
(Assignee)

Updated

13 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.