-
Notifications
You must be signed in to change notification settings - Fork 7.3k
compression and TLS #1523
Comments
Currently node.js disables all compression, as seen here: https://github.com/joyent/node/blob/master/src/node_crypto.cc#L3873-3893 This is done globally, on startup, because for most node.js use cases, using >512kb of ram for each tls connection is bad -- there currently isn't a good way to disable it per-connection, especially with older versions of openssl that are quite common. |
There are good use cases when we want TLS compression enabled. Any good alternatives would be much appreciated. |
No, there're no really good use cases for it. Compression in TLS is really flawed since it can't check if underlying content is already compressed, or if it is "compressable" at all. This is widely accepted, that compression should be done at application level, instead of the protocol level. |
I'd also add that TLS compression also adds CRIME vulnerability. http://en.wikipedia.org/wiki/CRIME_(security_exploit). Glad Node didn't already use it. |
I wanted TLS Compression enabled for testing some CRIME related stuff. Probably, that was a bad call. I'm glad, @indutny made https://github.com/indutny/tls.js , which solves my problem in a way |
Does it? :) |
Well, I wanted a way to send and receive client hellos and server hellos with TLS compression enabled. The parser and framer in tls.js can be used to do what I want. There are a few hiccups here and there, will file about them in its issue list. |
Hello,
I have another little question about the TLS module.
It is possible to enable compression?
Thank you!
The text was updated successfully, but these errors were encountered: