As defined in the RFC, the SSH protocol has negotiable compression support
(which is requested as the name "zlib"). Compression starts very early in
the session.
Relative early in OpenSSH lifetime, privsep was added to sshd, and this
required a shared-memory hack so the two processes could see what was going
on in the dataflow. This shared-memory hack was soon recognized as a tremendous
complexity risk, because it put libz (which very much trusts it's memory)
in a dangerous place, and a new option ("zlib@openssh.com") was added begins
compression after authentication (aka delayed-compression). That change
also permitted removal of the shared-memory hack.
Despite removal from the server, the old "zlib" support remained in the
client, to allow negotiation with non-OpenSSH daemons which lack the
delayed-compression option.
This commit deletes support for the older "zlib" option in the client.
It reduces our featureset in a small way, and encourages other servers
to move to a better design.
The SSH protocol is different enough that compressed-key-material attacks
like BEAST are unlikely, but who wants to take the chance?
We encourage other ssh servers who care about optional compression support
to add delayed-zlib support. (Some already do "zlib@openssh.com")
ok djm markus