webserver-llc / angie

Angie - drop-in replacement for Nginx
https://angie.software/en/
BSD 2-Clause "Simplified" License

Leveraging OpenSSL 3.2 TLS certificate compression? #63

Open centminmod opened 8 months ago

centminmod commented 8 months ago

OpenSSL 3.2 supports TLS certificate compression (https://www.openssl.org/blog/blog/2023/11/23/OpenSSL32/), and I was wondering if Nginx/Angie can benefit from such for serving SSL certificates for HTTPS?

LiteSpeed web server uses BoringSSL, and they improved HTTPS performance with their spin on SSL certificate compression, I believe. Not sure if their SSL certificate compression is something unique to using BoringSSL as opposed to OpenSSL?

I just updated my Centmin Mod LEMP stack with optional Angie support, and it's looking good so far with OpenSSL 1.1.1, OpenSSL 3 and BoringSSL. :)

On AlmaLinux 8

nginx -V
Angie version: Angie/1.4.0 (030124-054935-almalinux8-kvm-7775154)
built by gcc 13.1.1 20230614 (Red Hat 13.1.1-4) (GCC)
built with OpenSSL 1.1.1w 11 Sep 2023

nginx -V
Angie version: Angie/1.4.0 (030124-062812-almalinux8-kvm-7775154)
built by gcc 13.1.1 20230614 (Red Hat 13.1.1-4) (GCC)
built with OpenSSL 3.2.0 23 Nov 2023

nginx -V
Angie version: Angie/1.4.0 (030124-063836-almalinux8-kvm-7775154)
built by gcc 13.1.1 20230614 (Red Hat 13.1.1-4) (GCC)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)

VBart commented 8 months ago

AFAIK, it's enabled by default as long as you use Angie/nginx with OpenSSL 3.2.

centminmod commented 8 months ago

Nice. So that applies to both Angie and open source Nginx 1.25.x built with OpenSSL 3.2? Or just Angie?

VBart commented 8 months ago

For both.