git.feebdaed.xyz Git - 0xmirror/nginx.git/commit

author	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 15 Jul 2025 11:55:26 +0000 (15:55 +0400)
committer	pluknet <pluknet@nginx.com>
	Sun, 3 Aug 2025 15:15:16 +0000 (19:15 +0400)
commit	ed99269eed283e474590bbe951bad1d74b721955
tree	cc991ccdd435a59e868bb1d355ed6d85afa91e04	tree \| snapshot
parent	f4005126d78d19f1efd4f8fb4cad916d8976d97a	commit \| diff

SSL: disabled certificate compression by default with OpenSSL.

Certificate compression is supported since OpenSSL 3.2, it is enabled
automatically as negotiated in a TLSv1.3 handshake.

Using certificate compression and decompression in runtime may be
suboptimal in terms of CPU and memory consumption in certain typical
scenarios, hence it is disabled by default on both server and client
sides.  It can be enabled with ssl_conf_command and similar directives
in upstream as appropriate, for example:

    ssl_conf_command Options RxCertificateCompression;
    ssl_conf_command Options TxCertificateCompression;

Compressing server certificates requires additional support, this is
addressed separately.