[Dovecot] SSL / TLS
Timo Sirainen
tss at iki.fi
Mon Jul 27 04:41:19 EEST 2009

On Sun, 2009-07-12 at 19:41 +0100, Ed W wrote:
> Actually that ended up being mainly about the COMPRESS protocol
> extension - that is interesting, but I personally doubt it offers much
> extra over a simple outer layer protocol compression algorithm, e.g.
> native SSL compression. (However, would settle for either/both...).
> Some time back you suggested the SSL compression fix was a one liner on
> the dovecot side though?

After trying ages to figure this out, I finally found out that it
already works for SSL, as long as OpenSSL is compiled with zlib support.
You can verify this with gnutls-cli (but not openssl s_client):

    gnutls-cli --priority NORMAL:+COMP-DEFLATE -p 993 --insecure localhost
    ..
    - Compression: DEFLATE

Also interestingly enough I couldn't make compression work with
gnutls-serv..

> As an aside would it help to have some sample code for zlib?

Maybe some small sample code could be useful. Although I could also look
at how GNUTLS does it.

> My problem
> is I don't know where to add it for the COMPRESS protocol
> implementation... Zlib itself is pretty straightforward though.

If you (or someone) can implement deflate istream and inflate ostream
code for Dovecot, I can do the rest.

BTW. For Dovecot v2.0 I'm also thinking about changing ssl-proxy code to
be ssl-istream and ssl-ostream instead and then make a bit more generic
login-proxy where you can give any i/ostreams. That'll also make
implementing COMPRESS support easier..
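
Added example (not part of the original message, and not Dovecot code): a Python sketch of the compressing and decompressing stream wrappers discussed above, showing that a sync flush after each write lets the peer decode it immediately and that the inflating side caps its output. The names DeflateWriter, InflateReader and roundtrip, the raw-DEFLATE framing and the 64 KiB cap are assumptions made for illustration.

```python
import zlib

RAW_DEFLATE = -15  # assumption: raw DEFLATE stream, no zlib header or checksum
# Constructed sample responses, not captured traffic.
SAMPLE = [b"* 1 FETCH (FLAGS (\\Seen) UID 4827 RFC822.SIZE 44827)\r\n"] * 2


class DeflateWriter:
    """Hypothetical output wrapper: compress each write and sync-flush it."""

    def __init__(self, sink, level=6):
        self._sink = sink  # callable that receives the compressed bytes
        self._z = zlib.compressobj(level, zlib.DEFLATED, RAW_DEFLATE)

    def write(self, data):
        # Z_SYNC_FLUSH ends on a byte boundary, so the peer can decode this
        # write at once instead of waiting for a compression block to fill.
        out = self._z.compress(data) + self._z.flush(zlib.Z_SYNC_FLUSH)
        self._sink(out)
        return len(out)


class InflateReader:
    """Hypothetical input wrapper: inflate with a hard cap on output per chunk."""

    def __init__(self, max_out=64 * 1024):  # cap is an illustrative value
        self._z = zlib.decompressobj(RAW_DEFLATE)
        self._max_out = max_out

    def feed(self, chunk):
        out = self._z.decompress(chunk, self._max_out)
        # Reaching the cap means a small input expanded too far: stop reading
        # rather than buffer unbounded data from the peer.
        if len(out) >= self._max_out:
            raise ValueError("inflated data reached the per-chunk limit")
        return out


def roundtrip(lines, fragment=7):
    """Send each line through the writer and deliver it in small fragments."""
    wire, sizes, decoded = [], [], []
    writer, reader = DeflateWriter(wire.append), InflateReader()
    for line in lines:
        sizes.append(writer.write(line))
        packet = wire.pop()
        parts = [reader.feed(packet[i:i + fragment])
                 for i in range(0, len(packet), fragment)]
        decoded.append(b"".join(parts))
    return decoded, sizes
```

roundtrip(SAMPLE) returns the decoded lines and the compressed size of each write; the second, identical line comes out smaller because both writes share one compression stream.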