
Does iOS support TLS compression?

I need to compress data sent over a secure channel in my iOS app and I was wondering if I could use TLS compression for the same. I am unable to figure out if Apple's TLS implementation, Secure Transport, supports the same.

Does anyone else know if TLS compression is supported in iOS or not?

Chaitanya Gupta asked Nov 03 '22 18:11


1 Answer

I was trying to determine if Apple's implementation of SSL/TLS did support compression, but I have to say that I am afraid it does not.

At first I was hopeful that having an errSSLPeerDecompressFail error code, there has to be a way to enable the compression. But I could not find it.

The first obvious reason that Apple doesn’t support compression is several wire captures I did from my device (6.1) opening secure sockets on different ports. In all of them the Client Hello packet reported only one compression method: null.

Then I looked at the last available code for libsecurity_ssl available from Apple. This is the implementation from Mac OS X 10.7.5, but something tells me that the iOS one will be very similar, if not the same, but surely it will not be more powerful than the Mac OS X one.

You can find in the file sslHandshakeHello.c, lines 186-187 (SSLProcessServerHello):

if (*p++ != 0)      /* Compression */
    return unimpErr;

That error code sounds a lot like “if the server sends another compression but null (0), we don’t implement that, so fail”.

Again, the same file, line 325 (SSLEncodeClientHello):

*p++ = 0; /* null compression */

And nothing else around (DEFLATE is the method 1, according to RFC 3749).

Below, lines 469, 476 and 482-483 (SSLProcessClientHello):

compressionCount = *(charPtr++);
...
/* Ignore list; we're doing null */
...
/* skip compression list */
charPtr += compressionCount;

I think it is pretty clear that this implementation only handles the null compression: it is the only one sent in the Client Hello, the only one understood in the Server Hello, and the compression methods are ignored when the Client Hello is received (null must be implemented and offered by every client).

So I think both you and I have to implement an application level compression. Good luck.

yonosoytu answered Nov 08 '22 08:11
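The wire-capture check described in the answer above, as an added example that is not part of the original post or of Apple's code: a parser that walks a captured TLS record to the compression_methods field of the ClientHello and reports what the client offers. The function names and the sample record are constructed for illustration; it assumes the ClientHello fits in a single, unfragmented record.

```python
COMPRESSION_NAMES = {0: "null", 1: "DEFLATE"}  # 1 = DEFLATE per RFC 3749


def client_hello_compression(record: bytes) -> list:
    """Return the compression method ids offered in a TLS ClientHello record."""
    # Record header: type(1) version(2) length(2); handshake header: type(1) length(3)
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if hs_len + 4 > rec_len or len(hello) != hs_len:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 0

    def take(n: int) -> bytes:
        # Bounds-checked read: never trust a length field from the wire.
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("length field runs past end of ClientHello")
        chunk = hello[pos:pos + n]
        pos += n
        return chunk

    take(2 + 32)                              # client_version + random
    take(take(1)[0])                          # session_id
    take(int.from_bytes(take(2), "big"))      # cipher_suites
    return list(take(take(1)[0]))             # compression_methods


def offers_only_null(record: bytes) -> bool:
    """True when the client offers exactly one method and it is null (0)."""
    return client_hello_compression(record) == [0]


def build_sample_hello(methods) -> bytes:
    """Constructed sample record (not a real capture): TLS 1.0, one cipher suite."""
    body = (b"\x03\x01" + bytes(32) + b"\x00"      # version, random, empty session_id
            + b"\x00\x02\x00\x2f"                  # one suite: 0x002f
            + bytes([len(methods)]) + bytes(methods))
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs


if __name__ == "__main__":
    for offered in ([0], [1, 0]):
        ids = client_hello_compression(build_sample_hello(offered))
        names = [COMPRESSION_NAMES.get(i, hex(i)) for i in ids]
        print(names, "-> only null:", ids == [0])
```

To run it against a real capture, pass the raw bytes of the first record the client sends, starting at the 0x16 content-type byte.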