Enable compression in OpenSSL and add opt-in certificate compression support for TLS connections#62217
Open
pimterry wants to merge 3 commits intonodejs:mainfrom
Open
Enable compression in OpenSSL and add opt-in certificate compression support for TLS connections#62217pimterry wants to merge 3 commits intonodejs:mainfrom
pimterry wants to merge 3 commits intonodejs:mainfrom
Conversation
Collaborator
|
Review requested:
|
nodejs-github-bot
added
dependencies
pimterry
force-pushed
the
openssl-compression
branch
2 times, most recently
from
536ac85 to
b7d557b
Compare
Member
Author
|
Review from @nodejs/crypto also helpful. Although this is a deps change, it's primarily a TLS feature. As noted in the description: the number of changes files is intimidating, but the vast vast majority are autogenerated updates! It's actually a fairly reasonable changeset 😄 |
Contributor
|
Could you split the |
This changes enables compression within OpenSSL *without* enabling record compression, so this only affects compression of certificates delivered within the TLS handshake. This certificate compression remains disabled by default for now, but becomes available via the new certificateCompression option in TLS context APIs. Enabling this shrinks handshakes significantly, and also reduces fingerprintability of Node.js client handshakes, as these are enabled in all modern browsers by default.
pimterry
force-pushed
the
openssl-compression
branch
from
b7d557b to
aee82a2
Compare
Member
Author
|
@aduh95 Good idea. Now split into three commits: the first reconfigures the OpenSSL build, the 2nd contains all the auto-generated output from that, the 3rd contains the Node changes which use this to enable cert compression. |
anonrig
reviewed
Mar 12, 2026
| unsigned char* data = nullptr; | ||
| size_t orig_len = 0; | ||
| size_t comp_len = | ||
| SSL_CTX_get1_compressed_cert(sc->ctx_.get(), algs[i], &data, &orig_len); |
Member
There was a problem hiding this comment.
WE need a CHECK for algs length being len somewhere before this for loop
| #include "memory_tracker.h" | ||
| #include "v8.h" | ||
|
|
||
| #include <vector> |
Member
There was a problem hiding this comment.
This should be surrounded by
#ifndef OPENSSL_NO_COMP_ALG
addaleax
reviewed
Mar 13, 2026
Comment on lines
+2107
to
+2111
| if (strcmp(*name, "zlib") == 0) { | ||
| algs[i] = TLSEXT_comp_cert_zlib; | ||
| } else if (strcmp(*name, "brotli") == 0) { | ||
| algs[i] = TLSEXT_comp_cert_brotli; | ||
| } else if (strcmp(*name, "zstd") == 0) { |
Member
There was a problem hiding this comment.
Suggested change
| if (strcmp(*name, "zlib") == 0) { | |
| algs[i] = TLSEXT_comp_cert_zlib; | |
| } else if (strcmp(*name, "brotli") == 0) { | |
| algs[i] = TLSEXT_comp_cert_brotli; | |
| } else if (strcmp(*name, "zstd") == 0) { | |
| if (name.ToStringView() == "zlib") { | |
| algs[i] = TLSEXT_comp_cert_zlib; | |
| } else if (name.ToStringView() == "brotli") { | |
| algs[i] = TLSEXT_comp_cert_brotli; | |
| } else if (name.ToStringView() == "zstd") { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Until now, we've fully disabled all compression features in OpenSSL via
no-comp. This PR:certificateCompressionoption for TLS contexts, exposing the OpenSSL API for certificate compression, defaulting to disabled (i.e. no visible change). We might want to enable this by default in future but we can debate that separately, no need to do so immediately I think. The new API throws an error if a non-empty option is passed when using a shared OpenSSL without compression support.There's a lot of changes here but the vast majority (everything in
deps/openssl/config/archs) are auto-generated based on the OpenSSL config changes and the actual source changes are quite simple.This is my first time touching the OpenSSL dep setup directly, so hopefully I've rebuilt it correctly! Extra eyes there very helpful. Notably you can't actually rebuild directly on
mainviamake gen-opensslright now, because/deps/openssl/openssl/test/doesn't exist (removed since #57835). That's fine for OpenSSL dep updates (which pull the whole tree anyway) but it breaks simple regeneration. I just manually included the test dir locally, which seems to have rebuilt OK without changes. I'll open a separate PR to fix that properly later, but there's too many conflicts with the changes in here to open that at the same time.There's also a small test change required to the config for 3 unusual addon tests: on Mac only, directly linked our internal libopenssl.a into a shared library, without the rest of Node, which no longer works (because OpenSSL now references the compression libs). I don't think this is sensible or supported approach, I can't find any examples of this anywhere else, and these tests cover a feature (OpenSSL custom engines) which is deprecated and will be removed in OpenSSL v4 anyway. A small config change here updates them to instead dynamically look up symbols which should give the same result without issues.
Upsides:
Binary size
Since the compression libraries are already included in Node anyway, this is minimal: a standard Node build on my machine is 131MB, and increases 40KB (0.03%) with this addition.
Compression risks in TLS e.g. CRIME
No-comp was originally here in part to disable TLS record compression (compression during the connection itself, broken by CRIME). In this PR we're not enabling that, we're enabling certificate compression (how certs are transferred during the initial handshake only). There's no known vulnerabilities around certificate compression itself AFAIK, and it's enabled in all modern browsers and user-facing backends like NGINX, HAProxy, Envoy, etc so seems like a safe bet. This PR also keeps it disabled by default - it just becomes optionally available.
Record compression here is not enabled by this change, despite removing
no-comp. It's independently disabled in many other ways:node/deps/openssl/openssl/ssl/ssl_lib.c
Lines 4207 to 4215 in 2b74812
node/src/crypto/crypto_util.cc
Lines 165 to 167 in 2b74812
Removing it completely from the OpenSSL build as well was a nice extra protection, but it's not strictly required and blocks other unrelated TLS compression features.