[Dovecot] compressed IMAP traffic
Patrick Domack
patrickdk at patrickdk.com
Tue Sep 29 07:31:47 EEST 2009
Ok last info.
using OpenSSL 0.9.8g
openssl s_client -connect host:993
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID:
1E5412EC32463E66FC75D761A4D48CF6ED416187F32A81F6DAC3DA4E9028E2DE
Session-ID-ctx:
Master-Key:
B0E15199867D8B48F31F8776C7E439542F4D1A7B33239814CE0C5FF564CB007DE431E9357DF120E7AF347CD1E934CE83
Key-Arg : None
Compression: 1 (zlib compression)
Start Time: 1254198546
Timeout : 7200 (sec)
Quoting Patrick Domack <patrickdk at patrickdk.com>:
> Just playing some more and noticed using:
> gnutls-cli (GnuTLS) 2.4.2
>
> always says compression isn't supported, even when version 2.0.4 says it was.
>
> gnutls-cli 2.4.2 from ubuntu 9.04 x64, Compression: DEFLATE, NULL
>
> gnutls-cli 2.0.4 from ubuntu 8.04 x64, Compression: LZO, DEFLATE, NULL
>
> I also noticed 2.4.2 would connect using aes-128, whereas 2.0.4 would
> connect using aes-256
>
>
> Quoting Patrick Domack <patrickdk at patrickdk.com>:
>
>> The command I used was:
>>
>> gnutls-cli --protocols NORMAL:+COMP-DEFLATE --insecure -p 993
>>
>> I have tried the --comp option, but it always fails for me (ubuntu 8.04)
>>
>> gnutls-cli (GnuTLS) 2.0.4
>>
>> Redhat is 5.3
>> Freebsd is 6.3
>>
>>
>> Quoting Leonardo Rodrigues <leolistas at solutti.com.br>:
>>
>>> Timo Sirainen escreveu:
>>>>
>>>> And DEFLATE gives the exact same error? LZO isn't supported by OpenSSL.
>>>>
>>>>
>>> yes ... error from DEFLATE and LZO are exactly the same on
>>> gnutls-cli output and maillog on the CentOS 5.3 box.
>>>
>>>> Well, not the same server but looks like this one works too:
>>>>
>>>> gnutls-cli --priority NORMAL:+COMP-DEFLATE -p 993 secure.emailsrvr.com
>>>>
>>>> And just for fun I tried imap.gmail.com, that didn't support
>>>> compression.
>>>>
>>>
>>> i had tried imap.gmail.com too :)
>>>
>>> interesting findings ..... from CentOS 5.3, i cant get any
>>> compression method to work:
>>>
>>> [root at correio dovecot]# gnutls-cli --insecure -p 993 -p 993
>>> secure.emailsrvr.com --comp LZO DEFLATE NULL [ ......]
>>> - Version: TLS 1.0
>>> - Key Exchange: DHE RSA
>>> - Cipher: AES 256 CBC
>>> - MAC: SHA
>>> - Compression: NULL
>>>
>>> but from a Fedora 8 box:
>>>
>>> [root at correio ~]# gnutls-cli --insecure -p 993 -p 993
>>> secure.emailsrvr.com --comp LZO DEFLATE NULL
>>> [ ......]
>>> - Version: TLS 1.0
>>> - Key Exchange: DHE RSA
>>> - Cipher: AES 256 CBC
>>> - MAC: SHA
>>> - Compression: DEFLATE
>>>
>>>
>>> and Fedora 8 OpenSSL is even older than CentOS 5.3 one:
>>>
>>> CentOS 5.3:
>>> [root at correio dovecot]# rpm -qi openssl
>>> Name : openssl Relocations: (not relocatable)
>>> Version : 0.9.8e Vendor: CentOS
>>> Release : 12.el5 Build Date: Fri 04 Sep 2009
>>> 09:33:56 AM BRT
>>>
>>> Fedora 8:
>>> [root at correio ~]# rpm -qi openssl
>>> Name : openssl Relocations: (not relocatable)
>>> Version : 0.9.8b Vendor: Fedora Project
>>> Release : 17.fc8 Build Date: Mon 15 Oct 2007
>>> 07:56:22 PM BRST
>>>
>>> probably there's some build option on CentOS that is disabling
>>> compression. If 0.9.8b on Fedora8 built in October/2007 can do it, so
>>> 0.9.8e on CentOS 5.3 built on September/2009 should be able to do it
>>> too ....... oh boy, i really hate those weirds compilation options from
>>> Redhat .... :\
>>>
>>> --
>>>
>>>
>>> Atenciosamente / Sincerily,
>>> Leonardo Rodrigues
>>> Solutti Tecnologia
>>> http://www.solutti.com.br
>>>
>>> Minha armadilha de SPAM, NÃO mandem email
>>> gertrudes at solutti.com.br
>>> My SPAMTRAP, do not email it
More information about the dovecot
mailing list