Hi, Is it okay for libssl3 do depend on libbrotli? It would increase minimal installs by ~900KiB on amd64. tl;dr
coreutils build-depends on libssl-dev which makes libssl essential. libssl already supports compression via libz and zstd. Both libraries are already pulled in by dpkg so letting libssl depend on them did not change much. Compression in libssl allows to enable compression in a TLS <=v1.2 connection (TLSv1.3 does not allow it) if the client and server explicitly ask for it (it is off by default). More importantly it allows also "TLS Certificate Compression". The standard specifies here zlib, brotli and zstd. Firefox seems to support all three of them (it appears to be disabled by default in 130 but can be flipped on). Chromium seems to support only brotli. They support content-encoding with zstd so someone might be able to talk them into using it also for certificate compression. So is it worth to enable brotli support in openssl for certificate compression sake? Sebastian
