Attached patch adds two new src.conf tunables:

WITH_OPENSSL_ZLIB
WITH_OPENSSL_ZLIB_SHARED

The first enables zlib compression in the OpenSSL build; both combined make the zlib library load during runtime (dlopen()). More testing/review appreciated. Please consider this for commit. :)

Fix: Patch attached with submission follows:

How-To-Repeat: Testing for working compression can be done with s_client:

openssl s_client -no_ssl2 -no_ssl3 -connect issues.apache.org:443
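The How-To-Repeat check above, as an added example (not part of the original report or the attached patch): a shell function that reads `openssl s_client` output on stdin and reports whether a compression method was negotiated. The function and sample names are hypothetical, and the sample outputs are constructed and abbreviated.

```shell
#!/bin/sh
# Added example: classify TLS compression from `openssl s_client` output.
# Prints one of:
#   none            handshake summary present, no compression negotiated
#   enabled:<name>  a compression method was negotiated
#   unknown         no top-level "Compression:" line (failed or truncated run)
tls_compression_status() {
    awk '
        # Match only the unindented summary line, not indented session details.
        /^Compression:/ {
            sub(/^Compression:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            method = $0
            found = 1
            exit            # first summary line decides; END still runs
        }
        END {
            if (!found || method == "")        print "unknown"
            else if (toupper(method) == "NONE") print "none"
            else                                print "enabled:" method
        }
    '
}

# Constructed, abbreviated samples modeled on the s_client handshake summary.
sample_without_compression() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is CONSTRUCTED-CIPHER
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
EOF
}

sample_with_zlib() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is CONSTRUCTED-CIPHER
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
EOF
}

sample_failed_handshake() {
    printf 'connect: Connection refused\n'
}

# Live use: pipe the s_client command from the report into the function,
# with stdin redirected from /dev/null so s_client exits after the handshake.
for s in sample_without_compression sample_with_zlib sample_failed_handshake; do
    printf '%s: %s\n' "$s" "$($s | tls_compression_status)"
done
```

A result of `unknown` means the run has to be repeated or inspected by hand; it does not show that compression is off.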
Responsible Changed
From-To: freebsd-bugs->jkim

jkim, do you have an opinion on this one?

Responsible Changed
From-To: jkim->benl

Over to new openssl maintainer.
Requested by: jkim
SSL/TLS compression is increasingly considered obsolete and a security hazard, to the extent that it is slated to be removed from the upcoming TLS 1.3 standard: https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3_.28draft.29
For the following conditions
Product: Base System, Documentation
Status: New, Open, In Progress, UNCONFIRMED
Assignee: Former FreeBSD committer

Reset to default assignee. Reset status to "Open".
<https://github.com/freebsd/freebsd-src/commit/cf2fc1b0f5ce501f5a29d307294e5637e0f5aba6> With OpenSSL 3.0.10 in main, what should happen with this 2012 patch?