[Dovecot] compressed IMAP traffic

Patrick Domack patrickdk at patrickdk.com
Tue Sep 29 07:31:47 EEST 2009


Ok last info.

using OpenSSL 0.9.8g
openssl s_client -connect host:993

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
     Protocol  : SSLv3
     Cipher    : DHE-RSA-AES256-SHA
     Session-ID:  
1E5412EC32463E66FC75D761A4D48CF6ED416187F32A81F6DAC3DA4E9028E2DE
     Session-ID-ctx:
     Master-Key:  
B0E15199867D8B48F31F8776C7E439542F4D1A7B33239814CE0C5FF564CB007DE431E9357DF120E7AF347CD1E934CE83
     Key-Arg   : None
    Compression: 1 (zlib compression)
     Start Time: 1254198546
     Timeout   : 7200 (sec)


Quoting Patrick Domack <patrickdk at patrickdk.com>:

> Just playing some more and noticed using:
> gnutls-cli (GnuTLS) 2.4.2
>
> always says compression isn't supported, even when version 2.0.4 says it was.
>
> gnutls-cli 2.4.2 from ubuntu 9.04 x64, Compression: DEFLATE, NULL
>
> gnutls-cli 2.0.4 from ubuntu 8.04 x64, Compression: LZO, DEFLATE, NULL
>
> I also noticed 2.4.2 would connect using aes-128, whereas 2.0.4 would
> connect using aes-256
>
>
> Quoting Patrick Domack <patrickdk at patrickdk.com>:
>
>> The command I used was:
>>
>> gnutls-cli --protocols NORMAL:+COMP-DEFLATE --insecure -p 993
>>
>> I have tried the --comp option, but it always fails for me (ubuntu 8.04)
>>
>> gnutls-cli (GnuTLS) 2.0.4
>>
>> Redhat is 5.3
>> Freebsd is 6.3
>>
>>
>> Quoting Leonardo Rodrigues <leolistas at solutti.com.br>:
>>
>>> Timo Sirainen escreveu:
>>>>
>>>> And DEFLATE gives the exact same error? LZO isn't supported by OpenSSL.
>>>>
>>>>
>>>  yes ... error from DEFLATE and LZO are exactly the same on
>>> gnutls-cli output and maillog on the CentOS 5.3 box.
>>>
>>>> Well, not the same server but looks like this one works too:
>>>>
>>>> gnutls-cli --priority NORMAL:+COMP-DEFLATE -p 993 secure.emailsrvr.com
>>>>
>>>> And just for fun I tried imap.gmail.com, that didn't support
>>>> compression.
>>>>
>>>
>>>  i had tried imap.gmail.com too :)
>>>
>>>  interesting findings ..... from CentOS 5.3, i cant get any
>>> compression method to work:
>>>
>>> [root at correio dovecot]# gnutls-cli --insecure -p 993 -p 993
>>> secure.emailsrvr.com --comp LZO DEFLATE NULL [ ......]
>>> - Version: TLS 1.0
>>> - Key Exchange: DHE RSA
>>> - Cipher: AES 256 CBC
>>> - MAC: SHA
>>> - Compression: NULL
>>>
>>>  but from a Fedora 8 box:
>>>
>>> [root at correio ~]# gnutls-cli --insecure -p 993 -p 993
>>> secure.emailsrvr.com --comp LZO DEFLATE NULL
>>> [ ......]
>>> - Version: TLS 1.0
>>> - Key Exchange: DHE RSA
>>> - Cipher: AES 256 CBC
>>> - MAC: SHA
>>> - Compression: DEFLATE
>>>
>>>
>>>  and Fedora 8 OpenSSL is even older than CentOS 5.3 one:
>>>
>>> CentOS 5.3:
>>> [root at correio dovecot]# rpm -qi openssl
>>> Name        : openssl                      Relocations: (not relocatable)
>>> Version     : 0.9.8e                            Vendor: CentOS
>>> Release     : 12.el5                        Build Date: Fri 04 Sep 2009
>>> 09:33:56 AM BRT
>>>
>>> Fedora 8:
>>> [root at correio ~]# rpm -qi openssl
>>> Name        : openssl                      Relocations: (not relocatable)
>>> Version     : 0.9.8b                            Vendor: Fedora Project
>>> Release     : 17.fc8                        Build Date: Mon 15 Oct 2007
>>> 07:56:22 PM BRST
>>>
>>>  probably there's some build option on CentOS that is disabling
>>> compression. If 0.9.8b on Fedora8 built in October/2007 can do it, so
>>> 0.9.8e on CentOS 5.3 built on September/2009 should be able to do it
>>> too ....... oh boy, i really hate those weirds compilation options from
>>> Redhat  .... :\
>>>
>>> -- 
>>>
>>>
>>> 	Atenciosamente / Sincerily,
>>> 	Leonardo Rodrigues
>>> 	Solutti Tecnologia
>>> 	http://www.solutti.com.br
>>>
>>> 	Minha armadilha de SPAM, NÃO mandem email
>>> 	gertrudes at solutti.com.br
>>> 	My SPAMTRAP, do not email it





More information about the dovecot mailing list