Re: [Dovecot] compressed IMAP traffic

28 Sep 2009

      Timo Sirainen escreveu:
...
See if you can get gnutls-cli from somewhere (gnutls-utils package I
think?). Using the gnutls-cli command from my previous mail would show
if your OpenSSL is at least able to use compression. Anyway I wouldn't
be surprised if you couldn't find any clients that are really able to
use compression.
i got gnutls-cli from gnutls-utils package ...  but it's probably a 
different version from yours, because yours exactly command line gives
error:
[root@correio dovecot]# gnutls-cli --priority NORMAL:+COMP-DEFLATE
--insecure -p 993 localhost
Invalid option 'priority'
Error in the arguments. Use the --help or -h parameters to get more
information.
[root@correio dovecot]#
[root@correio dovecot]# gnutls-cli --version

GNU TLS test client, version 1.4.1. Libgnutls 1.4.1.
[root@correio dovecot]#
from man page, i have the option:

   --comp comp1 comp2...
          Compression methods to enable (use gnutls-cli --list to 
show the supported compression methods).
--list gives
[root@correio dovecot]# gnutls-cli --list
Certificate types: X.509, OPENPGP
Protocols: TLS1.0, TLS1.1, SSL3.0
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, ARCFOUR, ARCFOUR-40
MACs: MD5, RMD160, SHA1
Key exchange algorithms: RSA, RSA-EXPORT, DHE-DSS, DHE-RSA, DHE-PSK,
PSK, SRP, SRP-RSA, SRP-DSS, ANON-DH
Compression methods: DEFLATE, LZO, NULL
[root@correio dovecot]#
trying LZO and DEFLATE gives an error:
[root@correio dovecot]# gnutls-cli --insecure -p 993 localhost --comp
LZO

Resolving 'localhost'...
Connecting to '127.0.0.1:993'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [50]: Decode error
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
[root@correio dovecot]#
and in maillog:
Sep 28 15:35:05 correio dovecot: imap-login: Disconnected (no auth
attempts): rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept()
failed: error:1408A0BB:SSL routines:SSL3_GET_CLIENT_HELLO:no compression
specified
do the IMAP4 server you tried is remotely accessible so i can try 
from a different machine ? Maybe we're dealing with some client lack of
compatibility and not server one ......
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it