This post is about two things:

1) I am curious to know if anyone has tried out
   the performance enhancement I submitted for
   using ZLIB with openSSL.

2) I would like to know if anything is going to be
   done about openSSL ignoring the compression byte
   during the handshake when the protocol is to be
   negotiated. 

I suspect very few people have used openSSL with
compression. It was not properly supported in
the build until 0.9.7. There is an outstanding
problem in the handshake (see below) and the
IETF has still not formally agreed on the choice
of algorithm numbers. However, there must be
other developers who want to be on the bleeding edge!

At the moment the only way for compression to work
is for the sender to say it is using a protocol
explicitly (and it must be either SSLv3 or TLSv1).
This is due to the fact that it has to cope with
negotiation with a party that only speaks SSLv2
where the compression byte is absent. 

I realise that I can achieve what I want by negotiating
then if it turns out we are both speaking >= SSLv3
then I can tear the connection down and start again
with that protocol explicitly selected and with
compression specified. But what a bother! And what
counterintuitive behaviour. Surely this can be
done behind the scenes. What about when TLSv2
comes along? This would disadvantage s/w that uses
compression because it would be hardcoded to use TLSv1.

Regards,

Andrew M.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
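
An added example, not part of the original post and not OpenSSL code: a small parser showing why the compression offer cannot travel in an SSLv2-format hello, as the post describes. The function name, return codes and sample bytes are constructed for this illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define HELLO_V2_NO_FIELD (-1)  /* SSLv2-format hello: no compression field */
#define HELLO_MALFORMED   (-2)  /* truncated or not a ClientHello */

/* Constructed sample: SSLv2-format hello offering version 3.1, one cipher
 * spec and a 16-byte zero challenge. There is no compression byte in it. */
static const unsigned char v2_hello[30] = {
    0x80, 0x1c, 0x01, 0x03, 0x01, 0x00, 0x03, 0x00, 0x00, 0x00, 0x10,
    0x00, 0x00, 0x0a };
/* Constructed sample: TLSv1 ClientHello, zero random, empty session id,
 * one cipher suite, compression methods {1, 0} (0 is the null method). */
static const unsigned char v3_hello[51] = {
    0x16, 0x03, 0x01, 0x00, 0x2e, 0x01, 0x00, 0x00, 0x2a, 0x03, 0x01,
    [43] = 0x00, 0x00, 0x02, 0x00, 0x0a, 0x02, 0x01, 0x00 };

/* Locate the compression_methods vector of a ClientHello record.
 * On success returns the number of methods and points *out at them. */
int hello_compression_methods(const unsigned char *b, size_t n,
                              const unsigned char **out)
{
    size_t p, l;

    /* SSLv2 record: 2-byte header with the high bit set, msg type 1. The
     * body holds version, three lengths, cipher specs, session id, challenge. */
    if (n >= 3 && (b[0] & 0x80) && b[2] == 0x01)
        return HELLO_V2_NO_FIELD;
    /* SSLv3/TLS: record hdr (5), handshake hdr (4), version (2), random (32) */
    if (n < 43 || b[0] != 0x16 || b[5] != 0x01)
        return HELLO_MALFORMED;
    p = 43;
    if (p + 1 > n) return HELLO_MALFORMED;          /* session_id length */
    l = b[p]; p += 1 + l;
    if (p + 2 > n) return HELLO_MALFORMED;          /* cipher_suites length */
    l = ((size_t)b[p] << 8) | b[p + 1]; p += 2 + l;
    if (p + 1 > n) return HELLO_MALFORMED;          /* compression length */
    l = b[p]; p += 1;
    if (l == 0 || p + l > n) return HELLO_MALFORMED;
    *out = b + p;
    return (int)l;
}

int main(void)
{
    const unsigned char *m = NULL;
    printf("v2-format: %d\n", hello_compression_methods(v2_hello, sizeof v2_hello, &m));
    printf("v3/TLS:    %d\n", hello_compression_methods(v3_hello, sizeof v3_hello, &m));
    return 0;
}
```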
