I am thinking about removing compression and would like to know what the community thinks.
At a minimum, I am going to remove the ability to add compression at run-time. This was never really documented. Moving forward, if someone wants to add a new compression scheme they will need to modify the OpenSSL source. This means COMP_METHOD becomes an internal datatype. But on a larger scale, does anyone use TLS compression? It has certainly caused problems with HTTP (see http://en.wikipedia.org/wiki/CRIME). And the best practice these days is to do it at the application layer, and feed the compressed bytes down to TLS. If this will cause problems for you, please post on the list, ideally within the next week. Thanks. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz
_______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
