[Dovecot] SSL + compression?

Johannes Berg johannes at sipsolutions.net
Sat Jun 21 01:09:26 EEST 2008


On Fri, 2008-06-20 at 23:04 +0100, Ed W wrote:
> Johannes Berg wrote: 
> > > I don't think it does be default. The only what I know is to establish a 
> > > compressed SSH tunnel to your server and then access the server over the 
> > > tunnel. It will compress and give you an extra layer of encryption.
> > >     
> > 
> > Umm, no. It will not compress. Think about it, encrypted data is
> > fundamentally not compressible, that's the whole point.
> > 
> >   
> 
> We are way off topic...

:)

> Back to the original question - discount SSH - how do we get
> compression + SSL out of openssl..

I don't think it's possible. OpenSSL says, in the NOTES section of
SSL_COMP_add_compression_method(3):

        The TLS standard (or SSLv3) allows the integration of
        compression methods into the communication. The TLS RFC does
        however not specify compression methods or their corresponding
        identifiers, so there is currently no compatible way to
        integrate compression with unknown peers. It is therefore
        currently not recommended to integrate compression into
        applications. Applications for non-public use may agree on
        certain compression methods. Using different compression methods
        with the same identifier will lead to connection failure.

johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080621/21879112/attachment.bin 


More information about the dovecot mailing list