Hi Mike,
Yes, this is better to disable it by default. But do you project to return on openssl 1.0.0x for next release to control compression ?
And why are you move from openssl 1.0.0 to 0.9.8 in version 4.48 to 4.49 ? (for FIPS i suppose)
Thank's.
Ludovic.
Le 09/12/2011 18:46, Michal Trojnara a écrit :
I wrote:
My conclusion: I will add "compression = none" global option implemented as: #ifndef OPENSSL_NO_COMP sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); #endif
On second thought: This might be probably even better to switch compression off by default. The memory and CPU requirements of compression probably make it a bad choice for ~90% of users.
The available parameters will be:
- deflate - RFC 3749 https://www.ietf.org/rfc/rfc3749.txt
- zlib - OpenSSL 0.9.7 compatibility
- rle - OpenSSL 0.9.7 compatibility
The default will be to disable compression entirely.
What do you think?
Mike