TLS compression

Simon Josefsson simon at
Tue Dec 18 11:44:23 CET 2007

"John Brooks" <aspecialj at> writes:

> Assuming the compression is done prior to encryption (I can't recall if it
> is or not),

Right, compression is done before encryption in TLS.  (RFC 3749)

> pretty much any major compression format and especially powerful ones
> like LZMA will compress most things to incredible levels. Standard
> text (i.e. most protocols, websites, etc) tends to compress extremely
> well - I've seen bzip2 reduce hundreds of megabytes of text files to
> 1/4th of their original size, and LZMA is generally regarded as doing
> even better.


> One concern would be that LZMA compression is pretty slow. It takes some
> serious CPU effort - it might put a pretty hefty load on the compressing
> side in higher speed connections.

The quote below suggests otherwise, but perhaps it was comparing the
situation against even worse algorithms.  I think the trade-offs are
different for network compression than for file compression.

Right now, the only standard compression algorithm besides DEFLATE is
LZS which is patented as far as I know.  It would be interesting to
compare and develop a free and better alternative.


> If the compression is done after encryption, the benefit will be much less
> noticeable. Obviously encrypted data will be fairly evenly distributed, so it
> won't be able to compress much.
>  - John
> On Dec 17, 2007 4:49 AM, Simon Josefsson <simon at> wrote:
>> Simon Josefsson <simon at> writes:
>> > Still, I'm not sure if it makes sense for GnuTLS to enable LZO
>> > compression by default any more.  It is not a standard TLS compression
>> > algorithm.  What do people think?  It would also be interesting to
>> > compare it with LZMA, which has gained some popularity lately:
>> >
>> > Btw, liblzo* has rather few reverse dependencies on Debian, so except
>> > for gnutls liblzo isn't that widely used.  Dropping it might save space
>> > on most installations.
>> I found this quote:
>>  Igor Pavlov is the developer behind the amazing 7-Zip compressor,
>>  which has always been available under the GPL. Igor has now created a
>>  separate LZMA SDK, which implements his compression algorithm in a way
>>  that makes it suitable for embedded applications.
>>  On the SDK web page, Igor says that the LZMA code can decompress up to
>>  1 MB/s on a 100 MHz ARM, MIPS, or other RISC CPU. The memory
>>  requirements for decompression are as low as 8-23 KB, and the code may
>>  take up as little as 2-8KB.
>>  This sounds like a great piece of work for embedded developers. Up
>>  until now, the best library out there for this community has been LZO,
>>  which has a few problems that hold it back. Perhaps Igor's product
>>  will now be the go-to library for this community.
>> Perhaps we should do some work in this area...
>> Does anyone know of any real-world benchmarks of TLS compression?  I'd
>> guess that network traffic compression has different properties than
>> file compression.  I would guess that network traffic actually is easier
>> to compress than files, on average; a lot of network traffic is verbose
>> text protocols.
>> /Simon
> -- 
> - John
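
Added example, not part of the original message or of GnuTLS: a small Python model of the ordering discussed above, comparing DEFLATE applied per record before encryption with DEFLATE applied to already-encrypted data. The sample traffic, the 16384-byte record split and the `toy_encrypt` keystream are constructed stand-ins, not TLS code.

```python
import hashlib
import zlib

RECORD = 16384  # maximum TLS plaintext fragment size (2^14 bytes)

def sample_traffic(n=400):
    """Constructed HTTP-like responses standing in for a verbose text protocol."""
    msgs = []
    for i in range(n):
        body = '{"id": %d, "user": "user%d", "status": "ok"}' % (i, i % 37)
        msgs.append("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                    "Cache-Control: no-cache\r\nContent-Length: %d\r\n\r\n%s"
                    % (len(body), body))
    return "".join(msgs).encode()

def toy_encrypt(data, key=b"constructed-key"):
    """XOR with a SHA-256 counter keystream: a stand-in cipher, not a TLS one."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def split_records(data):
    return [data[i:i + RECORD] for i in range(0, len(data), RECORD)]

def deflate_records(data):
    """One DEFLATE context per connection, sync-flushed at every record
    boundary so the peer can inflate each record as soon as it arrives."""
    comp = zlib.compressobj(9)
    return [comp.compress(r) + comp.flush(zlib.Z_SYNC_FLUSH)
            for r in split_records(data)]

def inflate_records(chunks):
    decomp = zlib.decompressobj()
    return b"".join(decomp.decompress(c) for c in chunks)

def compare():
    plain = sample_traffic()
    compressed = deflate_records(plain)
    assert inflate_records(compressed) == plain  # round trip, record by record
    sent_a = [toy_encrypt(c) for c in compressed]  # compress, then encrypt
    sent_b = deflate_records(toy_encrypt(plain))   # encrypt, then compress
    size = lambda chunks: sum(len(c) for c in chunks) / len(plain)
    return {"compress_then_encrypt": size(sent_a),
            "encrypt_then_compress": size(sent_b)}

if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name}: {r:.3f} of original size")
```

On this constructed input the compress-first path shrinks the traffic to a small fraction of its size, while compressing the keystream-encrypted bytes yields output slightly larger than the input.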
