[Dovecot] SSL + compression?

Johannes Berg johannes at sipsolutions.net
Sat Jun 21 01:17:48 EEST 2008


On Sat, 2008-06-21 at 00:13 +0200, Johannes Berg wrote:
> > > Back to the original question - discount SSH - how do we get
> > > compression + SSL out of openssl..
> > 
> > I don't think it's possible. OpenSSL says, in the NOTES section of
> > SSL_COMP_add_compression_method(3):
> > 
> >         The TLS standard (or SSLv3) allows the integration of
> >         compression methods into the communication. The TLS RFC does
> >         however not specify compression methods or their corresponding
> >         identifiers, so there is currently no compatible way to
> >         integrate compression with unknown peers. It is therefore
> >         currently not recommended to integrate compression into
> >         applications. Applications for non-public use may agree on
> >         certain compression methods. Using different compression methods
> >         with the same identifier will lead to connection failure.
> 
> However, there is http://tools.ietf.org/html/draft-ietf-tls-compression,
> but openssl doesn't support that (only zlib and rle)

I'm way behind the times.
http://www.faqs.org/rfc/rfc3749.txt

johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080621/494ef257/attachment-0001.bin 


More information about the dovecot mailing list