

3.3.2 Compression algorithms used in the record layer

The TLS record layer also supports compression. The algorithms implemented in GnuTLS can be found in the table below. The included algorithms perform well when text or other compressible data are to be transferred, but offer nothing on already compressed data, such as compressed images, zipped archives, etc. These compression algorithms may be useful in high-bandwidth TLS tunnels and in cases where network usage has to be minimized. It should be noted, however, that compression increases latency.

The record layer compression in GnuTLS is implemented based on [RFC3749]. The supported algorithms are shown below.

GNUTLS_COMP_UNKNOWN

Unknown compression method.

GNUTLS_COMP_NULL

The NULL compression method (no compression).

GNUTLS_COMP_DEFLATE

The DEFLATE compression method from zlib.

GNUTLS_COMP_ZLIB

Same as GNUTLS_COMP_DEFLATE.

Figure 3.2: Supported compression algorithms

Note that compression enables attacks such as traffic analysis, or even plaintext recovery under certain circumstances. To avoid some of these attacks, GnuTLS allows each record to be compressed independently (i.e., stateless compression) by using the "%STATELESS_COMPRESSION" priority string, for use in cases where the attacker-controlled data are put in separate records.
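The following added example (not GnuTLS code) models the difference with Python's zlib: it checks whether the compressed size of an attacker-influenced record depends on a secret sent in the preceding record, first with one shared DEFLATE context and then with a fresh context per record. The sample values, the function names and the use of a sync flush at each record boundary are assumptions of this sketch.

```python
import zlib

def record_sizes(records, stateless):
    """Return the compressed size of each record.

    stateless=False: one DEFLATE context is shared by all records, so the
                     history of earlier records is available to later ones.
    stateless=True:  a fresh context per record, modelling the idea behind
                     the %STATELESS_COMPRESSION priority string.
    """
    sizes = []
    ctx = zlib.compressobj()
    for rec in records:
        if stateless:
            ctx = zlib.compressobj()
        # Z_SYNC_FLUSH emits the complete record but keeps the history window.
        sizes.append(len(ctx.compress(rec) + ctx.flush(zlib.Z_SYNC_FLUSH)))
    return sizes

def attacker_record_size(secret, attacker_data, stateless):
    """Wire size of the attacker-influenced record that follows a secret record."""
    return record_sizes([secret, attacker_data], stateless)[1]

# Constructed sample values, not taken from any real session.
SECRET_A = b"session=7f3a9c51e2d84b60"
SECRET_B = b"session=04d1b86e9a2c35f7"
ATTACKER = b"session=7f3a9c51e2d84b60"  # happens to equal SECRET_A

def size_depends_on_secret(stateless):
    """True if the attacker record's size changes when only the secret changes."""
    with_a = attacker_record_size(SECRET_A, ATTACKER, stateless)
    with_b = attacker_record_size(SECRET_B, ATTACKER, stateless)
    return with_a != with_b

if __name__ == "__main__":
    for stateless in (False, True):
        label = "stateless" if stateless else "stateful"
        sizes = [attacker_record_size(s, ATTACKER, stateless)
                 for s in (SECRET_A, SECRET_B)]
        print(f"{label:9s} sizes={sizes} "
              f"depends_on_secret={size_depends_on_secret(stateless)}")
```

The independence only holds because the secret and the attacker-influenced data sit in different records; data mixed into the same record are still compressed together.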