Attached patch adds two new src.conf tunables:
The first enables zlib compression in the OpenSSL build, both combined makes zlib library load during runtime (dlopen()).
More testing/review appreciated. Please consider this for commit. :)
Fix: Patch attached with submission follows:
How-To-Repeat: Testing for working compression can be done by with s_client:
openssl s_client -no_ssl2 -no_ssl3 -connect issues.apache.org:443
jkim, do you have an opinion on this one?
Over to new openssl maintainer.
Requested by: jkim
SSL/TLS compression is increasingly considered obsolete and a security hazard, to the extent that it is slated to be removed from the upcoming TLS 1.3 standard:
For the following conditions
Product: Base System, Documentation Status: New, Open, In Progress, UNCONFIRMED
Assignee: Former FreeBSD committer
Reset to default assignee. Reset status to "Open".