Leveraging OpenSSL 3.2 TLS certificate compression?
Opened this issue · 3 comments
OpenSSL 3.2 supports TLS certificate compression https://www.openssl.org/blog/blog/2023/11/23/OpenSSL32/ and was wondering if Nginx/Angie can benefit from such for serving SSL certificates for HTTPS?
Litespeed web server uses BoringSSL, and they improved HTTPS performance with their spin on SSL certificate compression, I believe. Not sure if their SSL certificate compression is something unique to using BoringSSL as opposed to OpenSSL?
I just updated my Centmin Mod LEMP stack with Angie optional support and looking good so far with OpenSSL 1.1.1, OpenSSL 3 and BoringSSL. :)
On AlmaLinux 8
nginx -V
Angie version: Angie/1.4.0 (030124-054935-almalinux8-kvm-7775154)
built by gcc 13.1.1 20230614 (Red Hat 13.1.1-4) (GCC)
built with OpenSSL 1.1.1w 11 Sep 2023
nginx -V
Angie version: Angie/1.4.0 (030124-062812-almalinux8-kvm-7775154)
built by gcc 13.1.1 20230614 (Red Hat 13.1.1-4) (GCC)
built with OpenSSL 3.2.0 23 Nov 2023
nginx -V
Angie version: Angie/1.4.0 (030124-063836-almalinux8-kvm-7775154)
built by gcc 13.1.1 20230614 (Red Hat 13.1.1-4) (GCC)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
AFAIK, it's enabled by default as long as you use Angie/nginx with OpenSSL 3.2.
Nice. So that applies to both Angie and open source Nginx 1.25.x built with OpenSSL 3.2? Or just Angie?
For both.