You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I would like to inquire whether Botan supports enabling certificate compression in TLS (for example, as described in https://datatracker.ietf.org/doc/html/rfc8879#name-compression-algorithms). If it does support this feature, is there a parameter available during server deployment to control it? Thank you!
The text was updated successfully, but these errors were encountered:
RFC 8879 essentially adds two extensions, one to negotiate certificate compression and another one to encapsulate the encoded (and compressed) "Certificate" message. As per the RFC 8879, compression may be performed using zlib, zstd or brotli. Note that this is explicitly supported in TLS 1.3 only.
Given that Botan already has an integration with zlib, it should be relatively straight-forward to add support for RFC 8879, at least using zlib for the compression. The "CompressedCertificate" message takes the place of the conventional (uncompressed) "Certifcate" message. This requires a change in TLS 1.3's state machine, which would likely be the most critical modification required.
Further, one would need to add a few customization points, along these lines:
Hi, I would like to inquire whether Botan supports enabling certificate compression in TLS (for example, as described in https://datatracker.ietf.org/doc/html/rfc8879#name-compression-algorithms). If it does support this feature, is there a parameter available during server deployment to control it? Thank you!
The text was updated successfully, but these errors were encountered: