Compressing Certificates in TLS | The Backend Engineering Show
The Backend Engineering Show with Hussein Nasser
English - November 08, 2022 03:33 - 34 minutes - 23.4 MB - ★★★★★ - 5 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Fundamentals of Backend Engineering Design patterns udemy course (link redirects to udemy with coupon)
https://backend.husseinnasser.com
Certificates provide a way to authenticate both the server and the client and are included as part of the TLS handshake. However, the certificates can be large because the full certificate chain is included in the handshake. The large certificates can go up to 10KB in size and take multiple segments to deliver and assemble. RFC 8879 discusses how TLS compression can be achieved, I discuss that in this podcast. Enjoy.
0:00 Intro
4:15 Certificate Chain
6:00 Faking the chain
8:50 Certificate Stores
10:30 Including ROOT cert in the chain
12:00 The performance penalty of large certificate chain
20:15 RFC 8879 TLS Certificate Compression
23:00 How Compression Works in TLS 1.2 vs TLS 1.3
30:30 What could go wrong?
Resources
https://datatracker.ietf.org/doc/rfc8879/
https://www.rfc-editor.org/rfc/rfc5246
https://www.rfc-editor.org/rfc/rfc6928.html