tls: Add certificate compression support (RFC 8879) (envoyproxy#42690)

Add TLS certificate compression with brotli and zlib algorithms.
This reduces TLS handshake size, especially beneficial for QUIC where
the ServerHello needs to fit in the initial
response.

The existing QUIC-only certificate compression implementation has been
refactored to be shared between QUIC and TCP TLS. The QUIC wrapper now
delegates to the common TLS implementation for
backward compatibility. 

Fixes envoyproxy#42682

Signed-off-by: Doogie Min <doogie.min@sendbird.com>

Author: bellatoris

changelogs/current.yaml

@@ -235,6 +235,12 @@ removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
 
 new_features:
+- area: tls
+  change: |
+    Extended TLS certificate compression (RFC 8879): added brotli to QUIC (which already supported zlib),
+    and added brotli and zlib to TCP TLS. Controlled by runtime flag
+    ``envoy.reloadable_features.tls_certificate_compression_brotli`` (defaults to ``true``).
+    When disabled, QUIC retains zlib-only compression, while TCP TLS has no compression.
 - area: dynamic_modules
   change: |
     Added custom metrics (counters, gauges, histograms) support to load balancer dynamic modules.

source/common/quic/BUILD

@@ -122,7 +122,6 @@ envoy_cc_library(
         ":quic_io_handle_wrapper_lib",
         ":quic_transport_socket_factory_lib",
         "//envoy/ssl:tls_certificate_config_interface",
-        "//source/common/quic:cert_compression_lib",
         "//source/common/quic:quic_server_transport_socket_factory_lib",
         "//source/common/stream_info:stream_info_lib",
         "//source/server:listener_stats",
@@ -504,6 +503,7 @@ envoy_cc_library(
         "//source/common/protobuf:utility_lib",
         "//source/common/quic:quic_io_handle_wrapper_lib",
         "//source/common/runtime:runtime_lib",
+        "//source/common/tls:cert_compression_lib",
         "@quiche//:quic_core_config_lib",
         "@quiche//:quic_core_http_header_list_lib",
         "@quiche//:quic_platform",
@@ -525,12 +525,12 @@ envoy_cc_library(
     ]),
     deps = envoy_select_enable_http3([
         ":envoy_quic_proof_verifier_lib",
+        ":envoy_quic_utils_lib",
         "//envoy/network:transport_socket_interface",
         "//envoy/server:transport_socket_config_interface",
         "//envoy/ssl:context_config_interface",
         "//source/common/common:assert_lib",
         "//source/common/network:transport_socket_options_lib",
-        "//source/common/quic:cert_compression_lib",
         "//source/common/tls:client_ssl_socket_lib",
         "//source/common/tls:context_config_lib",
         "@quiche//:quic_core_crypto_crypto_handshake_lib",
@@ -730,16 +730,3 @@ envoy_cc_library(
         "@quiche//:quic_core_types_lib",
     ]),
 )
-
-envoy_cc_library(
-    name = "cert_compression_lib",
-    srcs = envoy_select_enable_http3(["cert_compression.cc"]),
-    hdrs = envoy_select_enable_http3(["cert_compression.h"]),
-    external_deps = ["ssl"],
-    deps = envoy_select_enable_http3([
-        "//bazel:zlib",
-        "//source/common/common:assert_lib",
-        "//source/common/common:logger_lib",
-        "//source/common/runtime:runtime_lib",
-    ]),
-)

source/common/quic/cert_compression.cc

@@ -4,10 +4,8 @@
 
 #include "envoy/ssl/tls_certificate_config.h"
 
-#include "source/common/quic/cert_compression.h"
 #include "source/common/quic/envoy_quic_utils.h"
 #include "source/common/quic/quic_io_handle_wrapper.h"
-#include "source/common/runtime/runtime_features.h"
 #include "source/common/stream_info/stream_info_impl.h"
 
 #include "openssl/bytestring.h"
@@ -115,9 +113,7 @@ void EnvoyQuicProofSource::updateFilterChainManager(
   filter_chain_manager_ = &filter_chain_manager;
 }
 
-void EnvoyQuicProofSource::OnNewSslCtx(SSL_CTX* ssl_ctx) {
-  CertCompression::registerSslContext(ssl_ctx);
-}
+void EnvoyQuicProofSource::OnNewSslCtx(SSL_CTX* ssl_ctx) { registerCertCompression(ssl_ctx); }
 
 } // namespace Quic
 } // namespace Envoy

source/common/quic/cert_compression.h

@@ -27,6 +27,7 @@
 #include "source/common/protobuf/utility.h"
 #include "source/common/quic/quic_io_handle_wrapper.h"
 #include "source/common/runtime/runtime_features.h"
+#include "source/common/tls/cert_compression.h"
 
 #include "absl/numeric/int128.h"
 #include "absl/strings/str_cat.h"
@@ -444,5 +445,13 @@ quic::QuicEcnCodepoint getQuicEcnCodepointFromTosByte(uint8_t tos_byte) {
   return static_cast<quic::QuicEcnCodepoint>(tos_byte & kEcnMask);
 }
 
+void registerCertCompression(SSL_CTX* ssl_ctx) {
+  if (Runtime::runtimeFeatureEnabled(
+          "envoy.reloadable_features.tls_certificate_compression_brotli")) {
+    Extensions::TransportSockets::Tls::CertCompression::registerBrotli(ssl_ctx);
+  }
+  Extensions::TransportSockets::Tls::CertCompression::registerZlib(ssl_ctx);
+}
+
 } // namespace Quic
 } // namespace Envoy

source/common/quic/envoy_quic_proof_source.cc

@@ -221,5 +221,8 @@ void configQuicInitialFlowControlWindow(const envoy::config::core::v3::QuicProto
 // Extract the two ECN bits from the TOS byte in the IP header.
 quic::QuicEcnCodepoint getQuicEcnCodepointFromTosByte(uint8_t tos_byte);
 
+// Register TLS certificate compression algorithms (RFC 8879) for QUIC.
+void registerCertCompression(SSL_CTX* ssl_ctx);
+
 } // namespace Quic
 } // namespace Envoy

source/common/quic/envoy_quic_utils.cc

@@ -4,9 +4,8 @@
 
 #include "envoy/extensions/transport_sockets/quic/v3/quic_transport.pb.validate.h"
 
-#include "source/common/quic/cert_compression.h"
 #include "source/common/quic/envoy_quic_proof_verifier.h"
-#include "source/common/runtime/runtime_features.h"
+#include "source/common/quic/envoy_quic_utils.h"
 #include "source/common/tls/context_config_impl.h"
 
 #include "quiche/quic/core/crypto/quic_client_session_cache.h"
@@ -92,7 +91,7 @@ std::shared_ptr<quic::QuicCryptoClientConfig> QuicClientTransportSocketFactory::
         std::make_unique<Quic::EnvoyQuicProofVerifier>(std::move(context), accept_untrusted),
         std::make_unique<quic::QuicClientSessionCache>());
 
-    CertCompression::registerSslContext(tls_config.crypto_config_->ssl_ctx());
+    registerCertCompression(tls_config.crypto_config_->ssl_ctx());
   }
   // Return the latest crypto config.
   return tls_config.crypto_config_;

source/common/quic/envoy_quic_utils.h

@@ -92,6 +92,7 @@ RUNTIME_GUARD(envoy_reloadable_features_skip_dns_lookup_for_proxied_requests);
 RUNTIME_GUARD(envoy_reloadable_features_tcp_proxy_odcds_over_ads_fix);
 RUNTIME_GUARD(envoy_reloadable_features_tcp_proxy_set_idle_timer_immediately_on_new_connection);
 RUNTIME_GUARD(envoy_reloadable_features_test_feature_true);
+RUNTIME_GUARD(envoy_reloadable_features_tls_certificate_compression_brotli);
 RUNTIME_GUARD(envoy_reloadable_features_trace_refresh_after_route_refresh);
 RUNTIME_GUARD(envoy_reloadable_features_udp_set_do_not_fragment);
 RUNTIME_GUARD(envoy_reloadable_features_uhv_allow_malformed_url_encoding);

source/common/quic/quic_client_transport_socket_factory.cc

@@ -182,6 +182,7 @@ envoy_cc_library(
     # TLS is core functionality.
     visibility = ["//visibility:public"],
     deps = [
+        ":cert_compression_lib",
         ":stats_lib",
         ":utility_lib",
         "//envoy/ssl:context_config_interface",
@@ -259,3 +260,18 @@ envoy_cc_library(
         "//source/common/network:address_lib",
     ],
 )
+
+envoy_cc_library(
+    name = "cert_compression_lib",
+    srcs = ["cert_compression.cc"],
+    hdrs = ["cert_compression.h"],
+    external_deps = ["ssl"],
+    deps = [
+        "//bazel:zlib",
+        "//envoy/ssl:context_config_interface",
+        "//source/common/common:assert_lib",
+        "//source/common/common:logger_lib",
+        "@brotli//:brotlidec",
+        "@brotli//:brotlienc",
+    ],
+)