>You said that the max for all os is 16kB, so it
>seems like ASSP should insure this isn't exceeded.

This is a limit for all SSL connections covered by an RFC. No one can 
exceed it.
If this ever changes - assp reads from SSL sockets until the SSL buffer 
is empty. This is done because, if there are bytes left in the SSL buffer, 
neither the server nor the client is able to do an SSL renegotiation. If this 
limit is ever set to 32kB and anyone is using this, assp will read two 
times 16kB without a loop cycle - or I've changed the code.

>But both messages are from Google, so I think they either would or wouldn't
>send size, and it wouldn't be dependent on SSL. (I turn TLS on and off for
>Google using NoTLS ip ranges which I get from their SPF)

Who knows? But it is possible.

>We need to start a campaign to have Google send more than 1440 bytes per SSL frame.

good luck :)

It may be a better idea to call the Google support of your country and to 
ask - possibly you'll get a helpful answer after some time.

>Any chance that it's something they have that (seemingly pretty low) limit set just for good old me?

- anything in your infrastructure (too low MTU, high packet fragmentation)
- the negotiated SSL parameters
- bad IP reputation
- abused Google DNS servers
- unpaid bills :)

stop! now it is getting corny :)

Thomas
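
Added example, not part of the original thread and not ASSP code: a Python parser for the 5-byte TLS record header that measures how large a peer's application_data records are, comparing the 1440-byte frames discussed above with the 16 kB maximum. The function names and the zero-filled sample streams are constructed for illustration; the limits are the TLS 1.2 values from RFC 5246.

```python
import struct
from collections import Counter

MAX_PLAINTEXT = 2 ** 14                 # 16384-byte fragment limit per record (RFC 5246)
MAX_CIPHERTEXT = MAX_PLAINTEXT + 2048   # TLS 1.2 allowance for MAC, padding, IV
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_records(stream: bytes):
    """Yield (content_type, length) for every complete TLS record in stream."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"no TLS record header at offset {offset}")
        if length > MAX_CIPHERTEXT:
            raise ValueError(f"record of {length} bytes exceeds the protocol limit")
        if offset + 5 + length > len(stream):
            break  # capture ends mid-record
        yield CONTENT_TYPES[ctype], length
        offset += 5 + length


def summarize(stream: bytes) -> dict:
    """Count application_data records and report their sizes."""
    sizes = [n for kind, n in parse_records(stream) if kind == "application_data"]
    return {"records": len(sizes), "payload_bytes": sum(sizes),
            "largest": max(sizes, default=0),
            "header_bytes": 5 * len(sizes),
            "histogram": Counter(sizes)}


def make_stream(payload_len: int, record_len: int) -> bytes:
    """Constructed sample: zero-filled application_data records (no real ciphertext)."""
    out = bytearray()
    while payload_len > 0:
        n = min(record_len, payload_len)
        out += struct.pack("!BBBH", 23, 3, 3, n) + bytes(n)
        payload_len -= n
    return bytes(out)


if __name__ == "__main__":
    for label, size in (("1440-byte records", 1440), ("16 kB records", MAX_PLAINTEXT)):
        print(label, summarize(make_stream(1_000_000, size)))
```

Feeding `summarize` the reassembled server-to-client bytes of a captured session shows whether a sender really caps its records near 1440 bytes, since the record header is not encrypted.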




From:    K Post <nntp.p...@gmail.com>
To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
Date:    27.09.2016 16:39
Subject: Re: [Assp-test] Inbound TLS from gmail.com addresses / servers



Consolidated replies below to a couple of your messages Thomas.


On Tue, Sep 27, 2016 at 8:34 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> >an email with 11 MB of attachments takes 19 seconds with TLS turned off, and with
> >TLS on 662 seconds.
>
> What if the message SIZE announcement is missing (not sent by google), if TLS is turned off?
> You'll get exactly this behavior.

But both messages are from Google, so I think they either would or wouldn't
send size, and it wouldn't be dependent on SSL. (I turn TLS on and off for
Google using NoTLS ip ranges which I get from their SPF)

> Hurry up! Close all doors and windows - Murphy has left your IT rooms!

He'll be back.  That jerk seems to be able to walk through walls.

> The default TCP output buffer for a socket on windows differs from version to version.
> w2k3 - 8kB
> w2K8R2 - 64kB (with some dynamics)
> w2k12R2 - not sure, but at least 64kB with default dynamics
> SSL - 16kB encrypted data maximum on all OS

I'm running windows 2012r2.  I just noticed that I had TCPBufferSize set to
sslrcv = 0, sslsnd = 0.


Under normal conditions any setting here will be not required. But, if you
notice a bad SSL transmission performance in relation to the speed of plain
TCP sockets, it may help to set both SSL buffer size to the size of the
according system TCP buffer.
like: sslrcv = 0, sslsnd = 0

I removed this setting and tested with 16270 (not the latest) and a slight
improvement.  Again, this is just one test though, I don't know if that
really made a difference or if this one email was just faster. Whatever the
case, this test was better, but still too slow at 550 seconds.

What I wanted to let you know here is that the GUI at least says that the
SSL buffer size is set to 64kB if you put sslrcv = 0, sslsnd = 0 on my
system (which is consistent with what you said would happen, set to max tcp
buffer size for system).  You said that the max for all os is 16kB, so it
seems like ASSP should insure this isn't exceeded.  It might already
internally, but doesn't indicate as such for the green message in the GUI
when changes are applied.  Might just be a display issue vs a functional
one.


We need to start a campaign to have Google send more than 1440 bytes per
SSL frame.  Why would they do that?!?  Any chance that it's something they
have that (seemingly pretty low) limit set just for good old me?   And if
others tend to send a much larger SSL frame, that would explain the speed
disparity between email sources over TLS!


I can't test today's new version right now, but absolutely will ASAP.
Can't disrupt email flow at all during the day, and especially not today as
tempers are recovering from a 2 hour long ISP outage earlier.
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test



