RFR: 8372526: Add support for ZLIB TLS Certificate Compression [v10]

[Sean Mullan]

On Wed, 28 Jan 2026 16:53:59 GMT, Artur Barashev <abarashev at openjdk.org> wrote:

>> Implement certificate compression in TLS 1.3 using internally supported ZLIB compression algorithm. See RFC 8879 for more details:
>> https://datatracker.ietf.org/doc/html/rfc8879
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Force cache limit per compression algorithm

src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 966:

> 964: 
> 965:     /**
> 966:      * Sets whether TLS certificate compression should be enabled.

I think we should also specify what this enables, the name of the extension. I would also add an @spec label with RFC 8879. Also consider adding a sentence or two (perhaps as an API note) that this signals to the peer that it supports compression and that both sides need to support the underlying extension and compression format in order for it to be actually used. 

Also, I would probably add an Implementation Note specifying that the SunJSSE provider only supports zlib compression, and that other JSSE providers may not support this method.

src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 979:

> 977:      * @since 27
> 978:      */
> 979:     public void setEnableCertificateCompression(

Need to specify the default value in the constructor.

src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 985:

> 983: 
> 984:     /**
> 985:      * Returns whether TLS certificate compression should be enabled

Missing period.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2738642563
PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2738595313
PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2738598539