I would want to double check this. The APACHE docs found here state the following:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html "How do I get SSL compression working? Although SSL compression negotiation was defined in the specification of SSLv2 and TLS, it took until May 2004 for RFC 3749 to define DEFLATE as a negotiable standard compression method. OpenSSL 0.9.8 started to support this by default when compiled with the zlib option. If both the client and the server support compression, it will be used. However, most clients still try to initially connect with an SSLv2 Hello. As SSLv2 did not include an array of prefered compression algorithms in its handshake, compression cannot be negotiated with these clients. If the client disables support for SSLv2, either an SSLv3 or TLS Hello may be sent, depending on which SSL library is used, and compression may be set up. You can verify whether clients make use of SSL compression by logging the %{SSL_COMPRESS_METHOD}x variable. On Tue, Jan 17, 2012 at 11:43:55AM +0100, Jakob Bohm wrote: > On 1/17/2012 11:27 AM, nilesh wrote: > > Hi, > > > > As per the RFC2246, the data might be compressed and then encrypted. > > And the decryption function does the reverse operations. > > > > But when I setup server to capture SSL3.0 and TLS1.0 traces, I have > > never observed any compression algorithm being used. > > The record is just encrypted and sent. > > > > Could someone please explain if compression operation is configurable > > option on Server? Is it not always present? > > > 1. I think OpenSSL implements this feature, but I don't know > how a server and client might request it from the OpenSSL code. > > 2. Most protocols used with SSL/TLS already include their own > means of compressing data before handing it to SSL, so for > those protocols, enabling SSL/TLS compression would be of so > little use that few implementations would enable it for those > applications. The most notable example is HTTP/1.x over SSL > (https), where there are HTTP headers for requesting > compression independently of the use of SSL. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
