RFR: 8372526: Add support for ZLIB TLS Certificate Compression [v9]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Jan 27 16:57:43 UTC 2026
On Mon, 26 Jan 2026 22:41:29 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Implement certificate compression in TLS 1.3 using internally supported ZLIB compression algorithm. See RFC 8879 for more details:
>> https://datatracker.ietf.org/doc/html/rfc8879
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Allocate 24 bits for input size in cache key. Add unit tests.
Changes requested by xuelei (Reviewer).
src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 982:
> 980: boolean enableCertificateCompression) {
> 981: this.enableCertificateCompression = enableCertificateCompression;
> 982: }
Is there a plan to support brotli compression algorithm in OpenJDK? It is the only supported algorithm in browser Chrome.
If there is a need to support more than one compression algorithms in the future, it might be better to provide an option to customize the algorithms selection, including preferences. The flexibility could provide better interoperability if a vendor does not support compression algorithm properly.
-------------
PR Review: https://git.openjdk.org/jdk/pull/28682#pullrequestreview-3712350928
PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2732956812
More information about the security-dev
mailing list