A few years ago we discussed whether to disable SSL compression [0] which ended up with it being off by default combined with a recommendation against it in the docs.
OpenSSL themselves disabled SSL compression by default in 2016 in 1.1.0 with distros often having had it disabled for a long while before then. Further, TLSv1.3 removes compression entirely on the protocol level mandating that only NULL compression is allowed in the ClientHello. NSS, which is discussed in another thread, removed SSL compression entirely in version 3.33 in 2017. It seems about time to revisit this since it's unlikely to work anywhere but in a very small subset of system setups (being disabled by default everywhere) and is thus likely to be very untested at best. There is also the security aspect which is less clear-cut for us compared to HTTP client/servers, but not refuted (the linked thread has a good discussion on this). The attached removes sslcompression to see what it would look like. The server actively disallows it and the parameter is removed, but the sslcompression column in the stat view is retained. An alternative could be to retain the parameter but not act on it in order to not break scripts etc, but that just postpones the pain until when we inevitably do remove it. Thoughts? Any reason to keep supporting SSL compression or is it time for v14 to remove it? Are there still users leveraging this for protocol compression without security making it worthwhile to keep? -- Daniel Gustafsson https://vmware.com/ [0] https://www.postgresql.org/message-id/flat/595cf3b1-4ffe-7f05-6f72-f72b7afa7993%402ndquadrant.com
openssl_disallow_compression.patch
Description: Binary data
