[Pkg-openssl-devel] Should OpenSSL/ libssl3 depend on brotli?

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Fri Sep 6 23:12:58 BST 2024


Hi,

Is it okay for libssl3 to depend on libbrotli? It would increase minimal
installs by ~900KiB on amd64.
tl;dr

coreutils build-depends on libssl-dev which makes libssl essential.
libssl already supports compression via libz and zstd. Both libraries
are already pulled in by dpkg so letting libssl depend on them did not
change much.
Compression in libssl allows enabling compression in a TLS <=v1.2
connection (TLSv1.3 does not allow it) if the client and server
explicitly ask for it (it is off by default).

More importantly, it also allows "TLS Certificate Compression". The
standard specifies here zlib, brotli and zstd. Firefox seems to support
all three of them (it appears to be disabled by default in 130 but can
be flipped on).
Chromium seems to support only brotli. They support content-encoding
with zstd so someone might be able to talk them into using it also for
certificate compression.

So is it worth enabling brotli support in openssl for the sake of
certificate compression?

Sebastian
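
Added example, not part of the original message and not OpenSSL code: a Python sketch of the RFC 8879 CompressedCertificate framing, showing what a sender with only zlib linked in does when the peer advertises only brotli, and the size checks a receiver applies before and during inflation. Assumptions: Python's stdlib zlib stands in for the zlib-only build, the sender picks by its own local preference order, `SAMPLE` is constructed filler rather than a real chain, and the 64 KiB limit is arbitrary.

```python
import zlib

# CertificateCompressionAlgorithm codepoints from RFC 8879.
ZLIB, BROTLI, ZSTD = 1, 2, 3
LOCAL = [ZLIB]  # assumption: a build with only zlib linked in

def select_algorithm(peer_offer, local=LOCAL):
    """Sender side: first locally available algorithm the peer advertised.
    None means the chain goes out as a plain, uncompressed Certificate message."""
    return next((alg for alg in local if alg in peer_offer), None)

def encode(cert_msg: bytes) -> bytes:
    """CompressedCertificate body: uint16 algorithm, uint24 uncompressed_length,
    then the compressed data behind its own uint24 length prefix."""
    data = zlib.compress(cert_msg, 9)
    return (ZLIB.to_bytes(2, "big") + len(cert_msg).to_bytes(3, "big")
            + len(data).to_bytes(3, "big") + data)

def decode(msg: bytes, offered, limit: int = 1 << 16) -> bytes:
    """Receiver side: reject anything not offered, oversized, or mis-declared."""
    if len(msg) < 9:
        raise ValueError("truncated CompressedCertificate")
    alg = int.from_bytes(msg[0:2], "big")
    declared = int.from_bytes(msg[2:5], "big")
    data = msg[8:]
    if alg not in offered or alg != ZLIB:
        raise ValueError("algorithm not offered or not available locally")
    if int.from_bytes(msg[5:8], "big") != len(data):
        raise ValueError("length prefix does not match payload")
    if declared > limit:
        raise ValueError("declared size exceeds local limit")
    d = zlib.decompressobj()
    out = d.decompress(data, declared + 1)  # never inflate past the declared size
    if len(out) != declared or not d.eof or d.unconsumed_tail or d.unused_data:
        raise ValueError("decompressed size does not match uncompressed_length")
    return out

# Constructed stand-in for a Certificate message (not a real chain).
SAMPLE = b"\x30\x82\x04\x00" + b"CN=example.test,O=Constructed Sample;" * 40

if __name__ == "__main__":
    wire = encode(SAMPLE)
    print(len(SAMPLE), "->", len(wire), "bytes with zlib")
    print("peer offers brotli only:", select_algorithm({BROTLI}))
```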


