1

I am trying to verify an implementation of RFC8879. Are there any webservers or TLS libraries which have implemented this RFC? I have done some research and my results indicate that the popular webservers/tls libraries have not implemented this RFC yet.

I'm aware the Chrome browser supports certificate compression in their ClientHello (brotli), are there any servers which support this in their ServerHello? It doesn't seem like google's servers are responding with a CompressedCertificate message.

Dmitri
  • 479
  • 3
  • 10
sharks
  • 113
  • 1
  • 7
  • 1
    You would have to do some research yourself to find that out. However, taking your question literally, I would imagine that the answer to the question "are there **any** servers which support this" is almost certainly "yes, there's at least one somewhere in the world." – Robert Harvey Jan 13 '21 at 17:16
  • I have done research and couldn't find any, this is why I'm asking... I'll edit OP to clarify this – sharks Jan 13 '21 at 19:05
  • Well, the bulk of a certificate in binary form is going to be effectively random data, so it won't compress well at all. So there's not likely to be any real reason to implement this. (I am assuming the certificate is passed in binary form during TLS negotiations.) – Andrew Henle Jan 13 '21 at 20:29

1 Answers1

1

Yes: LiteSpeed Web Server supports certificate compression.

From 5.4 release notes:

  • [NEW FEATURE] HTTPS certificate compression, reducing the size of HTTPS handshake exchange data.
Dmitri
  • 479
  • 3
  • 10
  • 1
    Confirmed! Tested with this docker compose setup: https://hub.docker.com/r/litespeedtech/litespeed – sharks Jan 16 '21 at 19:43