author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-06-06 08:56:09 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-06-22 12:54:18 +0200
commit: 338795b29f0726ff32e4bd2be06938aa71c7b5e6
tree: 693a91be79180f64ec531e2ec8d003535a20a698
parent: 155fe8ed9967f56c8364fbf7ce391cb2cd70d4c7
doc: removed any references to compression and documented change
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- doc/cha-gtls-app.texi 22
-rw-r--r-- doc/cha-intro-tls.texi 39
-rw-r--r-- doc/cha-upgrade.texi 18
3 files changed, 39 insertions, 40 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index d562bf669e..37df31a5db 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1148,17 +1148,16 @@ with an 192 bit security level, as well as the enabling of the corresponding
verification profile.
@item NONE @tab
-Means nothing is enabled. This disables even protocols and
-compression methods. It should be followed by the
-algorithms to be enabled.
+Means nothing is enabled. This disables even protocol versions.
+It should be followed by the algorithms to be enabled.
@end multitable
@caption{Supported initial keywords.}
@end float
Unless the initial keyword is "NONE" the defaults (in preference
-order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0; for
-compression NULL; for certificate types X.509.
+order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0;
+for certificate types X.509.
In key exchange algorithms when in NORMAL or SECURE levels the
perfect forward secrecy algorithms take precedence of the other
protocols. In all cases all the supported key exchange algorithms
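Review bot: The rewritten defaults sentence still spells the protocol versions inconsistently ("TLS 1.2, TLS1.1, TLS1.0"). Since these two lines are being touched anyway, use one spelling throughout so readers do not confuse the prose names with the "VERS-TLS1.0" style keywords used in priority strings.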
@@ -1184,8 +1183,7 @@ to this document algorithms and protocols are shown in @ref{tab:prio-algorithms}
to list the supported algorithms in your currently using version use
@code{gnutls-cli -l}.
-To avoid collisions in order to specify a compression algorithm in
-the priority string you have to prefix it with "COMP-", protocol versions
+To avoid collisions in order to specify a protocol version
with "VERS-", signature algorithms with "SIGN-" and certificate types with "CTYPE-".
All other algorithms don't need a prefix. Each specified keyword (except
for @emph{special keywords}) can be prefixed with any of the following
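Review bot: The added line "To avoid collisions in order to specify a protocol version" no longer forms a sentence with the context line that follows it, because the removed text carried the verb phrase "in the priority string you have to prefix it with". Suggest something like: To avoid collisions, protocol versions have to be prefixed with "VERS-", signature algorithms with "SIGN-" and certificate types with "CTYPE-".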
@@ -1313,11 +1311,7 @@ will use the latest TLS version record version in client hello.
@headitem Keyword @tab Description
@item %STATELESS_COMPRESSION @tab
-will disable keeping state across records when compressing. This may
-help to mitigate attacks when compression is used but an attacker
-is in control of input data. This has to be used only when the
-data that are possibly controlled by an attacker are placed in
-separate records.
+ignored; no longer used.
@item %DISABLE_WILDCARDS @tab
will disable matching wildcards when comparing hostnames
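Review bot: The new %STATELESS_COMPRESSION description "ignored; no longer used." gives neither the version from which it is ignored nor the reason. Someone auditing an existing priority string who relied on this keyword as an attack mitigation needs to know the mitigation is moot because compression itself is gone. Suggest tying it to the release named in cha-intro-tls.texi, for example "ignored since 3.6.0; compression is no longer supported".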
@@ -1404,8 +1398,8 @@ Specifying RSA with AES-128-CBC:
Specifying the defaults plus ARCFOUR-128:
"NORMAL:+ARCFOUR-128"
-Enabling the 128-bit secure ciphers, while disabling TLS 1.0 and enabling compression:
- "SECURE128:-VERS-TLS1.0:+COMP-DEFLATE"
+Enabling the 128-bit secure ciphers, while disabling TLS 1.0:
+ "SECURE128:-VERS-TLS1.0"
Enabling the 128-bit and 192-bit secure ciphers, while disabling all TLS versions
except TLS 1.2:
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 176ebca633..3f1ea66126 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -38,8 +38,10 @@ noted otherwise.
@acronym{TLS} is a layered protocol, and consists of the record
protocol, the handshake protocol and the alert protocol. The record
protocol is to serve all other protocols and is above the transport
-layer. The record protocol offers symmetric encryption, data
-authenticity, and optionally compression.
+layer. The record protocol offers symmetric encryption, and data
+authenticity@footnote{In early versions of TLS compression was optionally
+available as well. This is no longer the case in recent versions of the
+protocol.}.
The alert protocol offers some signaling to the other protocols. It
can help informing the peer for the cause of failures and other error
conditions. @xref{The Alert Protocol}, for more information. The
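Review bot: The added footnote speaks of "early versions" and "recent versions" of TLS without naming any, so a reader cannot tell whether compression can still be negotiated with a given peer. Name the protocol versions, or point to the renamed "Compression algorithms and the record layer" subsection. The comma in "symmetric encryption, and data authenticity" is also a leftover from the old three-item list and can be dropped.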
@@ -73,7 +75,7 @@ by providing callbacks for @acronym{GnuTLS} to access the transport layer
@cindex record protocol
The record protocol is the secure communications provider. Its purpose
-is to encrypt, authenticate and ---optionally--- compress packets.
+is to encrypt, and authenticate packets.
The record layer functions can be called at any time after
the handshake process is finished, when there is need to receive
or send data. In @acronym{DTLS} however, due to re-transmission
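Review bot: In the added line "is to encrypt, and authenticate packets." the comma is left over from the removed three-item list. "is to encrypt and authenticate packets." reads correctly.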
@@ -91,7 +93,7 @@ just after the handshake protocol has finished.
@menu
* Encryption algorithms used in the record layer::
-* Compression algorithms used in the record layer::
+* Compression algorithms and the record layer::
* Weaknesses and countermeasures::
* On Record Padding::
@end menu
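Review bot: Renaming the menu entry (and the matching @node further down) leaves any @ref or @xref to "Compression algorithms used in the record layer" elsewhere in the manual dangling. The diffstat shows only three files touched, so please confirm with a grep over doc/ that nothing else refers to the old node name.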
@@ -200,30 +202,15 @@ GCM, is in use.
@end float
-@node Compression algorithms used in the record layer
-@subsection Compression algorithms used in the record layer
+@node Compression algorithms and the record layer
+@subsection Compression algorithms and the record layer
@cindex compression algorithms
-The TLS record layer also supports compression. The algorithms
-implemented in @acronym{GnuTLS} can be found in the table below.
-The included algorithms perform really good when text, or other
-compressible data are to be transferred, but offer nothing on already
-compressed data, such as compressed images, zipped archives etc.
-These compression algorithms, may be useful in high bandwidth TLS
-tunnels, and in cases where network usage has to be minimized. It
-should be noted however that compression increases latency.
-
-The record layer compression in @acronym{GnuTLS} is implemented based
-on @xcite{RFC3749}. The supported algorithms are shown below.
-
-@showenumdesc{gnutls_compression_method_t,Supported compression algorithms}
-
-Note that compression enables attacks such as traffic analysis, or even
-plaintext recovery under certain circumstances. To avoid some of these
-attacks GnuTLS allows each record to be compressed independently (i.e.,
-stateless compression), by using the "%STATELESS_COMPRESSION" priority string,
-in order to be used in cases where the attacker controlled data are
-pt in separate records.
+In early versions of TLS the record layer supported compression. However,
+that proved to be problematic in many ways, and enabled several attacks
+based on traffic analysis on the transported data. For that newer versions of the protocol no longer
+offer compression, and @acronym{GnuTLS} since 3.6.0 no longer implements any
+support for compression.
@node Weaknesses and countermeasures
@subsection Weaknesses and countermeasures
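Review bot: The replacement paragraph narrows the stated risk to "attacks based on traffic analysis", while the removed text also warned of "plaintext recovery under certain circumstances". That is the more serious consequence and the main reason to remove the feature, so it should stay in the rationale. The sentence "For that newer versions of the protocol no longer offer compression" also needs fixing, for example "For that reason, newer versions of the protocol no longer offer compression".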
diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi
index b2ef4822f7..0401719ec9 100644
--- a/doc/cha-upgrade.texi
+++ b/doc/cha-upgrade.texi
@@ -182,3 +182,21 @@ however, several deprecated functions were removed, and are listed below.
@tab @funcref{gnutls_privkey_sign_hash} with the flag GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
@end multitable
+
+@heading Upgrading to 3.6.x from 3.5.x
+
+GnuTLS 3.6.x is source and binary compatible with GnuTLS 3.5.x releases;
+however, there are minor differences, listed below.
+
+@multitable @columnfractions .30 .60
+@headitem Old function @tab Replacement
+
+@item The priority string "+COMP" are a no-op
+@tab Compression will no longer be available.
+
+@item The compression-related functions are deprecated
+@tab No longer use @funcintref{gnutls_compression_get},
+@funcintref{gnutls_compression_get_name}, @funcintref{gnutls_compression_list},
+and @funcintref{gnutls_compression_get_id}.
+
+@end multitable
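Review bot: The table header "Old function @tab Replacement" does not fit the added rows: the first row is about a priority string rather than a function, and neither row names a replacement. A header such as "Change @tab Impact" would match the content. The row text "The priority string "+COMP" are a no-op" has a number mismatch (suggest "The "+COMP-" priority string options are a no-op"), and since this patch also turns %STATELESS_COMPRESSION into an ignored keyword in cha-gtls-app.texi, that change deserves a row here as well.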