Proxy problem: "[COMPRESSIONACTIVE] TLS compression already enabled"

Timo Sirainen tss at iki.fi
Tue Oct 14 23:58:39 UTC 2014


On 14 Oct 2014, at 16:39, Timo Sirainen <tss at iki.fi> wrote:

> On 14 Oct 2014, at 16:10, Marc Schiffbauer <m at sys4.de> wrote:
> 
>> * Timo Sirainen schrieb am 15.10.14 um 00:57 Uhr:
>>> On 14 Oct 2014, at 15:24, Ralf Hildebrandt <r at sys4.de> wrote:
>>> 
>>>> We're proxying using 2.2.14~rc1 (on our IMAP Proxy) to two dovecot
>>>> backend servers running dovecot-2.2.13-r1
>>>> 
>>>> When we're using Thundebird to connect to the dovecot proxy, we're
>>>> getting the message "The mail server for account ACCOUNTNAME
>>>> responded: [COMPRESSIONACTIVE] TLS compression already enabled"
>>>> 
>>>> But why?
>>> 
>>> Is the connection from proxy to backend using SSL? Did this work in earlier Dovecot version?
>> 
>> I talked to Ralf about this issue today. Yes, proxy to backend is using ssl. And yes when proxy is talking to a 2.1.17 backend there is no issue.
> 
> Right .. If the TLS connection already has compression enabled, Dovecot will refuse COMPRESS command. But it should be checking this against the original client's TLS connection and not the proxy's. As a workaround you could set in Dovecot backends "ssl_options = no_compression". I'll try to figure out how this should be fixed properly.

After thinking about this for a while, I decided to simply remove the check: http://hg.dovecot.org/dovecot-2.2/rev/e3b9cd19c33d

Annoyingly it now leaves a bunch of unused code for setting the tls_compression flag. But it's a bit annoying to remove that code also.



More information about the dovecot mailing list