diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index 858fa343bb..e79890f711 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -177,7 +177,7 @@ function finish(c: connection, remove_analyzer: bool)
 }
 }
-event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) &priority=5
+event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
 {
 set_session(c);
diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif
index 2855dd7fe9..a3b77e622d 100644
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@@ -24,10 +24,13 @@
 ## standardized as part of the SSL/TLS protocol. The
 ## :bro:id:`SSL::cipher_desc` table maps them to descriptive names.
 ##
+## comp_methods: The list of compression methods that the client offered to use.
+## This value is not sent in TLSv1.3 or SSLv2.
+##
 ## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello
 ## ssl_session_ticket_handshake x509_certificate ssl_handshake_message
 ## ssl_change_cipher_spec
-event ssl_client_hello%(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec%);
+event ssl_client_hello%(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec%);
 ## Generated for an SSL/TLS server's initial *hello* message. SSL/TLS sessions
 ## start with an unencrypted handshake, and Bro extracts as much information out
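Review bot: The added comp_methods description in the ssl_client_hello docstring says the value is not sent in TLSv1.3, but a TLS 1.3 ClientHello still carries the legacy_compression_methods field (RFC 8446 requires it to hold the single byte 0), so handlers will most likely receive `[0]` there rather than an empty vector; only the SSLv2 caller, which passes no list to proc_client_hello, yields an empty vector. Suggest rewording the two added lines to `## comp_methods: The list of compression methods that the client offered to use.` / `## SSLv2 client hellos carry no such list, so the vector is empty; TLSv1.3 clients only send the legacy value 0.` A short pointer that 0 is the null method and 1 is DEFLATE (RFC 3749) would also help scripts that want to flag clients still offering TLS compression.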
@@ -59,7 +62,7 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, client
 ##
 ## comp_method: The compression method chosen by the client. The values are
 ## standardized as part of the SSL/TLS protocol. This value is not
-## sent in TLSv1.3.
+## sent in TLSv1.3 or SSLv2.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
 ## ssl_session_ticket_handshake x509_certificate ssl_server_curve
diff --git a/src/analyzer/protocol/ssl/proc-client-hello.pac b/src/analyzer/protocol/ssl/proc-client-hello.pac
index 601d0fce94..cf016dfafe 100644
--- a/src/analyzer/protocol/ssl/proc-client-hello.pac
+++ b/src/analyzer/protocol/ssl/proc-client-hello.pac
@@ -3,7 +3,8 @@
 client_random : bytestring,
 session_id : uint8[],
 cipher_suites16 : uint16[],
- cipher_suites24 : uint24[]) : bool
+ cipher_suites24 : uint24[],
+ compression_methods: uint8[]) : bool
 %{
 if ( ! version_ok(version) )
 {
@@ -28,11 +29,21 @@
 cipher_vec->Assign(i, ciph);
 }
+ VectorVal* comp_vec = new VectorVal(internal_type("index_vec")->AsVectorType());
+ if ( compression_methods )
+ {
+ for ( unsigned int i = 0; i < compression_methods->size(); ++i )
+ {
+ Val* comp = new Val((*compression_methods)[i], TYPE_COUNT);
+ comp_vec->Assign(i, comp);
+ }
+ }
+
 BifEvent::generate_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
 version, ts,
 new StringVal(client_random.length(), (const char*) client_random.data()),
 to_string_val(session_id),
- cipher_vec);
+ cipher_vec, comp_vec);
 delete cipher_suites;
 }
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index 3d61b215a2..4edccefec7 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
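Review bot: The new `if ( compression_methods )` guard in proc_client_hello has no comment explaining why a null vector is expected, and a reader of this file alone cannot tell a deliberately absent list from a parse failure; the reason is that the V2ClientHello caller in ssl-analyzer.pac passes a literal 0 because SSLv2 client hellos carry no compression list. Suggest `// SSLv2 client hellos have no compression list; the V2 caller passes 0 and comp_vec stays empty.` directly above the guard. comp_vec is handed to generate_ssl_client_hello the same way cipher_vec is, with no delete afterwards, so ownership follows the existing pattern; the element loop also mirrors the cipher_vec loop above it and the two could share a small helper, though that is optional. proc_client_hello begins outside the hunk.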
@@ -38,7 +38,7 @@ refine typeattr V2Error += &let {
 refine typeattr V2ClientHello += &let {
 proc : bool = $context.connection.proc_client_hello(client_version, 0,
- challenge, session_id, 0, ciphers);
+ challenge, session_id, 0, ciphers, 0);
 };
 refine typeattr V2ServerHello += &let {
diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
index a4f4f94c6f..ed0900d6b3 100644
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@@ -257,7 +257,7 @@ refine connection Handshake_Conn += {
 refine typeattr ClientHello += &let {
 proc : bool = $context.connection.proc_client_hello(client_version, gmt_unix_time, random_bytes,
- session_id, csuits, 0);
+ session_id, csuits, 0, cmeths);
 };
 refine typeattr ServerHello += &let {
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.comp_methods/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.comp_methods/.stdout
new file mode 100644
index 0000000000..29fdb51129
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.comp_methods/.stdout
@@ -0,0 +1,2 @@
+[1, 0]
+0
diff --git a/testing/btest/scripts/base/protocols/ssl/comp_methods.test b/testing/btest/scripts/base/protocols/ssl/comp_methods.test
new file mode 100644
index 0000000000..041ddd18e3
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ssl/comp_methods.test
@@ -0,0 +1,14 @@
+# This tests that the values sent for compression methods are correct.
+
+# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
+ {
+ print comp_methods;
+ }
+
+event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
+ {
+ print comp_method;
+ }
diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test
index dc514ff9d4..fd9d879bb4 100644
--- a/testing/btest/scripts/base/protocols/ssl/dpd.test
+++ b/testing/btest/scripts/base/protocols/ssl/dpd.test
@@ -13,7 +13,7 @@ event bro_init()
 print "Start test run";
 }
-event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) &priority=5
+event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
 {
 print "Client hello", c$id$orig_h, c$id$resp_h, version;
 }
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
index e005e82e03..337410afaf 100644
--- a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
+++ b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
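Review bot: comp_methods.test replays only tls-conn-with-extensions.trace, so the new empty-vector path — ssl-analyzer.pac's V2ClientHello passing 0 for compression_methods, which proc_client_hello's `if ( compression_methods )` guard turns into an empty comp_vec — is never exercised and its expected output is not pinned in any baseline. If an SSLv2 capture is available under $TRACES/tls, a second `# @TEST-EXEC: bro -r $TRACES/tls/<sslv2-trace> %INPUT` line (or a sibling test) printing comp_methods for it would cover that branch. A TLS 1.3 capture would likewise pin whether handlers see `[0]` or `[]` there, which the events.bif docstring currently leaves ambiguous.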
@@ -3,7 +3,7 @@
 # @TEST-EXEC: touch dpd.log
 # @TEST-EXEC: btest-diff dpd.log
-event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
+event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
 {
 print version, client_random, session_id, ciphers;
 }
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
index d69bd31563..3e406c6740 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test
@@ -1,7 +1,7 @@
 # @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
-event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
+event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
 {
 print fmt("Got %d cipher suites", |ciphers|);
 for ( i in ciphers )
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
index 7434b289cc..6c236c61f4 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test
@@ -1,12 +1,12 @@
 # @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
-event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
+event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
 {
 print client_random;
 }
-
-event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
+
+event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
 {
 print server_random;
 }