SSL_COMP_add_compression_method(3) - phpMan

SSL_COMP_add_compression_method(3) OpenSSL SSL_COMP_add_compression_method(3)

NAME
SSL_COMP_add_compression_method, SSL_COMP_free_compression_methods - handle SSL/TLS
integrated compression methods

SYNOPSIS
#include <openssl/ssl.h>

int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);

+void SSL_COMP_free_compression_methods(void);

DESCRIPTION
SSL_COMP_add_compression_method() adds the compression method cm with the identifier id to
the list of available compression methods. This list is globally maintained for all SSL
operations within this application. It cannot be set for specific SSL_CTX or SSL objects.

SSL_COMP_free_compression_methods() frees the internal table of compression methods that
were built internally, and possibly augmented by adding SSL_COMP_add_compression_method().

NOTES
The TLS standard (or SSLv3) allows the integration of compression methods into the
communication. The TLS RFC does however not specify compression methods or their
corresponding identifiers, so there is currently no compatible way to integrate
compression with unknown peers. It is therefore currently not recommended to integrate
compression into applications. Applications for non-public use may agree on certain
compression methods. Using different compression methods with the same identifier will
lead to connection failure.

An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) will
unconditionally send the list of all compression methods enabled with
SSL_COMP_add_compression_method() to the server during the handshake. Unlike the
mechanisms to set a cipher list, there is no method available to restrict the list of
compression method on a per connection basis.

An OpenSSL server will match the identifiers listed by a client against its own
compression methods and will unconditionally activate compression when a matching
identifier is found. There is no way to restrict the list of compression methods supported
on a per connection basis.

If enabled during compilation, the OpenSSL library will have the COMP_zlib() compression
method available.

WARNINGS
Once the identities of the compression methods for the TLS protocol have been
standardized, the compression API will most likely be changed. Using it in the current
state is not recommended.

It is also not recommended to use compression if data transfered contain untrusted parts
that can be manipulated by an attacker as he could then get information about the
encrypted data. See the CRIME attack. For that reason the default loading of the zlib
compression method is disabled and enabled only if the environment variable
OPENSSL_DEFAULT_ZLIB is present during the library initialization.

RETURN VALUES
SSL_COMP_add_compression_method() may return the following values:

0 The operation succeeded.

1 The operation failed. Check the error queue to find out the reason.