
Enable TLS certificate compression

Open rucoder opened this issue 11 months ago • 2 comments

Proposal

In order to minimize network traffic during the TLS handshake, TLS certificate compression can be enabled on both the client and server side. It is defined in RFC 8879. As of 24.01.25, neither popular HTTP servers (e.g. nginx) nor the Go TLS client support this feature out of the box. This issue is a placeholder to gather information.

  1. OpenSSL supports it since 3.2 Alpha 1 https://openssl-library.org/post/2023-09-07-ossl32a1/
  2. nginx ticket that tracks the feature request https://trac.nginx.org/nginx/ticket/2546
  3. Golang issue https://github.com/golang/go/issues/42967

Some example implementations

  1. https://github.com/getlantern/utls/pull/15

Status in Rust

  1. rustls supports it already.

rucoder avatar Jan 24 '25 14:01 rucoder

How much traffic is saved?

shjala avatar Jan 24 '25 15:01 shjala

> How much traffic is saved?

Depends on certificate chain size, which may be very big in some cases.

rucoder avatar Jan 28 '25 13:01 rucoder
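
One way to put a number on the savings question raised in this thread, as an added example that is not part of the issue or of EVE's code: it builds a TLS 1.3 Certificate message from a constructed chain and wraps it in an RFC 8879 CompressedCertificate using zlib (algorithm code 1). The function names, the throwaway Ed25519 chain and the `ca<N>.example.test` names are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func u24(n int) []byte { return []byte{byte(n >> 16), byte(n >> 8), byte(n)} } // 3-byte TLS length prefix

// certificateMsg builds a TLS 1.3 Certificate body (RFC 8446) from a constructed chain of throwaway CA certificates.
func certificateMsg(depth int) (list []byte, err error) {
	var parent, parentKey = (*x509.Certificate)(nil), ed25519.PrivateKey(nil)
	for i := 0; i < depth; i++ {
		pub, key, _ := ed25519.GenerateKey(rand.Reader) // fails only if the system RNG does
		tpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)), IsCA: true, BasicConstraintsValid: true,
			Subject: pkix.Name{CommonName: fmt.Sprintf("ca%d.example.test", i)}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
		if parent == nil {
			parent, parentKey = tpl, key // the root signs itself
		}
		der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
		if err != nil {
			return nil, err
		}
		list = append(append(append(u24(len(der)), der...), 0, 0), list...) // CertificateEntry with empty extensions, last-issued first
		parent, parentKey = tpl, key
	}
	return append(append([]byte{0}, u24(len(list))...), list...), nil // empty request context
}

// compressedCertificate wraps msg in an RFC 8879 CompressedCertificate using zlib (algorithm 1).
func compressedCertificate(msg []byte) []byte {
	var z bytes.Buffer
	w := zlib.NewWriter(&z)
	w.Write(msg)
	w.Close()
	hdr := append([]byte{0, 1}, u24(len(msg))...) // algorithm, uncompressed_length
	return append(append(hdr, u24(z.Len())...), z.Bytes()...)
}

func main() {
	msg, _ := certificateMsg(4)
	fmt.Printf("Certificate: %d bytes, CompressedCertificate: %d bytes\n", len(msg), len(compressedCertificate(msg)))
}
```

The ratio depends on the chain: public keys and signatures are effectively incompressible, while names, OIDs and extensions repeated across certificates compress well.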