If the peer has indicated that it supports compression, server and client MAY
compress their corresponding Certificate messages (Section 4.4.2
of RFC 8446
) and send them in the form of the CompressedCertificate message (replacing the Certificate message).
The CompressedCertificate message is formed as follows:
The algorithm used to compress the certificate. The algorithm MUST be one of the algorithms listed in the peer's compress_certificate extension.
The length of the Certificate message once it is uncompressed. If, afterdecompression, the specified length does not match the actual length, theparty receiving the invalid message MUST abort the connection with the"bad_certificate" alert. The presence of this field allows the receiver topreallocate the buffer for the uncompressed Certificate message and enforce limits on the message size before performing decompression.
The result of applying the indicated compression algorithm to the encodedCertificate message that would have been sent if certificate compression was notin use. The compression algorithm defines how thebytes in the compressed_certificate_message field are converted into theCertificate message.
If the specified compression algorithm is zlib, then the Certificate message MUST
be compressed with the ZLIB compression algorithm, as defined in [RFC 1950
]. If the specified compression algorithm is brotli, the Certificate message MUST
be compressed with the Brotli compression algorithm, as defined in [RFC 7932
]. If the specified compression algorithm is zstd, the Certificate message MUST
be compressed with the Zstandard compression algorithm, as defined in [RFC 8478
It is possible to define a certificate compression algorithm that uses a preshared dictionary to achieve a higher compression ratio. This document does not define any such algorithms, but additional codepoints may be allocated for such use per the policy in Section 7.3
If the received CompressedCertificate message cannot be decompressed, the connection MUST
be terminated with the "bad_certificate" alert.
If the format of the Certificate message is altered using the server_certificate_type or client_certificate_type extensions [RFC 7250
], the resulting altered message is compressed instead.