All users were logged out of Bugzilla on October 13th, 2018
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.10) Gecko/20050717 Firefox/1.0.6 Quite few people know: SSLv3 + TLS Hello do not only negotiate the cipher algorithms, but also the list of supported compression algorithms. In May 2004, RFC 3749 made Code 1 for gzip/deflate compression the first standard SSL compression algorith. OpenSSL 0.9.8 (when compiled with "zlib") supports it from the scratch, so Apache with OpenSSL 0.9.8 (zlib) does. Once SSLv2 support is dropped, SSL compression might be *the* standard compression. Right: HTTP has its compression algorith, but SMTP / IMAP do not. So, e.g. Thunderbird with an OpenSSL based server on the other side would use compresion - based on open standards. Sorry, I am certainly not the expert for this issue - but my impression is nearly nobody knows about SSL compression. Sorry, if I am wrong. Reproducible: Always Steps to Reproduce: For testing a working SSL compression, do e.g.: - Build OpenSSL 0.9.8 with "zlib"-option - Start a background tcpdump/snoop - Type: openssl s_client -ssl3 -connect www.vodafone.de:443 If SSL compression is supported, the following output will appear: ... SSL-Session: Protocol : SSLv3 ... Cipher : DHE-RSA-AES256-SHA ... Key-Arg : None Compression: 1 (zlib compression) Start Time: 1125934288 ... Now you can compare your packet sniffing results with non-ssl-compression sites.
*** This bug has been marked as a duplicate of 275744 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.