[Dovecot] SSL + compression?

Timo Sirainen tss at iki.fi
Sat Jun 21 04:31:17 EEST 2008


On Sat, 2008-06-21 at 00:17 +0200, Johannes Berg wrote:
> On Sat, 2008-06-21 at 00:13 +0200, Johannes Berg wrote:
> > > > Back to the original question - discount SSH - how do we get
> > > > compression + SSL out of openssl..
> > > 
> > > I don't think it's possible. OpenSSL says, in the NOTES section of
> > > SSL_COMP_add_compression_method(3):
> > > 
> > >         The TLS standard (or SSLv3) allows the integration of
> > >         compression methods into the communication. The TLS RFC does
> > >         however not specify compression methods or their corresponding
> > >         identifiers, so there is currently no compatible way to
> > >         integrate compression with unknown peers. It is therefore
> > >         currently not recommended to integrate compression into
> > >         applications. Applications for non-public use may agree on
> > >         certain compression methods. Using different compression methods
> > >         with the same identifier will lead to connection failure.
> > 
> > However, there is http://tools.ietf.org/html/draft-ietf-tls-compression,
> > but openssl doesn't support that (only zlib and rle)
> 
> I'm way behind the times.
> http://www.faqs.org/rfc/rfc3749.txt

Looking at the OpenSSL code, I think the patch below will give 0.9.8 the
ability to support deflate compression. I'm not sure if I should include
that in Dovecot though. At least not for v1.1. :)

diff -r 68a0be847980 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c      Fri Jun 20 12:20:17 2008 +0300
+++ b/src/login-common/ssl-proxy-openssl.c      Sat Jun 21 04:29:51 2008 +0300
@@ -719,6 +719,7 @@
                                 ssl_clean_free);
        SSL_library_init();
        SSL_load_error_strings();
+       (void)SSL_COMP_get_compression_methods();
 
        extdata_index = SSL_get_ex_new_index(0, dovecot, NULL, NULL, NULL);
 
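Review bot: the added (void)SSL_COMP_get_compression_methods(); line after SSL_load_error_strings() has no comment, and a call whose return value is discarded reads as dead code. A one-line comment saying it is made only for its side effect would keep it from being removed in a later cleanup. The call also sits unconditionally in the SSL init path, so it changes what every TLS connection can negotiate with no way to leave compression off; gating it behind a setting that defaults to off would make this an opt-in. Since the message targets OpenSSL 0.9.8, a guard on OPENSSL_VERSION_NUMBER is worth adding if Dovecot is still built against older releases that lack this function.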
