On Sep 29, 2009, at 6:57 AM, Timo Sirainen wrote:
So I guess if client is using SSLv23_client_method() instead of
SSLv3_client_method() or TLSv1_client_method() it doesn't work. Also
Thunderbird uses Network Security Services library instead of
OpenSSL, so it might not support compression a
On Sep 29, 2009, at 6:33 AM, Leonardo Rodrigues wrote:
with ssl3 and tls1 i can connect and see the zlib compression
being enabled.
Interesting.
- openssl s_client -ssl2 fails, because SSLv2 is disabled
- openssl s_client doesn't enable compression
- openssl s_client -tls1 or -ssl3 enab
well . here for me, with 'openssl s_client', i cant even connect
when using -ssl2:
[r...@correio ~]# openssl s_client -connect localhost:993 -ssl2
[ ... ]
27110:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher
list:s2_clnt.c:450:
[r...@correio ~]#
but that's probably because
More testing, seems all my imap clients attempt to use ssl2 first, and
from the openssl mailing list:
Oops, should've made this clearer. It is only clients than need to avoid the
old SSLv2 compatible methods and only use SSLv3/TLSv1. Nothing needs to be
done to a server.
http://www.mail
Ok last info.
using OpenSSL 0.9.8g
openssl s_client -connect host:993
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : SSLv3
Cipher: DHE-RSA-AES256-SHA
Session-ID:
1E5
Just playing some more and noticed using:
gnutls-cli (GnuTLS) 2.4.2
always says compression isn't supported, even when version 2.0.4 says it was.
gnutls-cli 2.4.2 from ubuntu 9.04 x64, Compression: DEFLATE, NULL
gnutls-cli 2.0.4 from ubuntu 8.04 x64, Compression: LZO, DEFLATE, NULL
I also noti
The command I used was:
gnutls-cli --protocols NORMAL:+COMP-DEFLATE --insecure -p 993
I have tried the --comp option, but it always fails for me (ubuntu 8.04)
gnutls-cli (GnuTLS) 2.0.4
Redhat is 5.3
Freebsd is 6.3
Quoting Leonardo Rodrigues :
Timo Sirainen escreveu:
And DEFLATE gives the
Leonardo Rodrigues escreveu:
probably there's some build option on CentOS that is disabling
compression. If 0.9.8b on Fedora8 built in October/2007 can do it, so
0.9.8e on CentOS 5.3 built on September/2009 should be able to do it
too ... oh boy, i really hate those weirds compilation
2009/9/28 Patrick Domack
> Hmm, strange results.
>
> My dovecot compiled on freebsd using openssl doesn't do compression.
> But my dovecot compiled on redhat using openssl does do it.
>
> redhat openssl 0.9.8b
> freebsd openssl 0.9.7e (really old)
You don't say which version of FreeBSD you usin
Timo Sirainen escreveu:
And DEFLATE gives the exact same error? LZO isn't supported by OpenSSL.
yes ... error from DEFLATE and LZO are exactly the same on
gnutls-cli output and maillog on the CentOS 5.3 box.
Well, not the same server but looks like this one works too:
gnutls-cli --pr
On Mon, 2009-09-28 at 15:38 -0300, Leonardo Rodrigues wrote:
> trying LZO and DEFLATE gives an error:
>
> [r...@correio dovecot]# gnutls-cli --insecure -p 993 localhost --comp
> LZO
..
> Sep 28 15:35:05 correio dovecot: imap-login: Disconnected (no auth
> attempts): rip=127.0.0.1, lip=127
Timo Sirainen escreveu:
See if you can get gnutls-cli from somewhere (gnutls-utils package I
think?). Using the gnutls-cli command from my previous mail would show
if your OpenSSL is at least able to use compression. Anyway I wouldn't
be surprised if you couldn't find any clients that are really
On Mon, 2009-09-28 at 15:07 -0300, Leonardo Rodrigues wrote:
> i have applied the provided patch, recompiled and installed dovecot
> 1.2.5 new binaries. This is what i get from logs:
>
> Sep 28 14:44:43 correio dovecot: imap-login: Login:
> user=, method=PLAIN, rip=189.114.xx.x,
> lip=200.1
Timo Sirainen escreveu:
I think the compression support in OpenSSL is relatively new, so it's
entirely possible that it's only in v0.9.8 and newer.
from a fully upgraded CentOS 5.3 x86_64 box:
[r...@correio dovecot]# rpm -qi openssl
Name: openssl Relocations
Patrick Domack wrote:
Hmm, strange results.
My dovecot compiled on freebsd using openssl doesn't do compression.
But my dovecot compiled on redhat using openssl does do it.
redhat openssl 0.9.8b
freebsd openssl 0.9.7e (really old)
Hey, we are up to 0.9.8k now...! Even 0.9.8b is over 3 years
On Mon, 2009-09-28 at 12:55 -0400, Patrick Domack wrote:
> Hmm, strange results.
>
> My dovecot compiled on freebsd using openssl doesn't do compression.
> But my dovecot compiled on redhat using openssl does do it.
>
> redhat openssl 0.9.8b
> freebsd openssl 0.9.7e (really old)
I think the comp
Hmm, strange results.
My dovecot compiled on freebsd using openssl doesn't do compression.
But my dovecot compiled on redhat using openssl does do it.
redhat openssl 0.9.8b
freebsd openssl 0.9.7e (really old)
Quoting Ed W :
Timo Sirainen wrote:
On Sep 22, 2009, at 9:08 PM, Leonardo Rodrigue
Timo Sirainen wrote:
On Mon, 2009-09-28 at 16:01 +0100, Ed W wrote:
If your OpenSSL supports it, Dovecot supports it. I recently tested
this with gnutls-cli program, openssl s_client for some reason didn't
support it. I've no idea if any actual IMAP clients support it.
I think this
Leonardo Rodrigues wrote:
When searching for that, i found that there's already a RFC for a
COMPRESS imap extension ... as imagined, there are pretty few clients
that supports it Thunderbird 3 Beta supports it but asking
customers to use a Beta software is not acceptable. So, we'
Ed W escreveu:
I notice that the openssl docs require compression to be specifically
enabled and are somewhat scathing about support...
http://www.openssl.org/docs/ssl/SSL_COMP_add_compression_method.html
Anyone care to comment further?
When i created this thread, some weeks ago, i hav
Timo Sirainen wrote:
On Sep 22, 2009, at 9:08 PM, Leonardo Rodrigues wrote:
is there anything that can be easily used to automatically compress
IMAP traffic between client and server ? I was thinking if the
SSL/TLS code enables some kind of compression as well.
If your OpenSSL supports it,
On Mon, 2009-09-28 at 16:01 +0100, Ed W wrote:
> > If your OpenSSL supports it, Dovecot supports it. I recently tested
> > this with gnutls-cli program, openssl s_client for some reason didn't
> > support it. I've no idea if any actual IMAP clients support it.
> >
>
> I think this kind of featur
Timo Sirainen wrote:
On Sep 22, 2009, at 9:08 PM, Leonardo Rodrigues wrote:
is there anything that can be easily used to automatically compress
IMAP traffic between client and server ? I was thinking if the
SSL/TLS code enables some kind of compression as well.
If your OpenSSL supports it,
On Wednesday 23 September 2009 04:21:59 Leonardo Rodrigues wrote:
> i'm using OpenSSL shipped from CentOS 5.3 . is there any easy to
> check if the shipped OpenSSL supports that ???
>
do a packet capture and examine with wireshark to see if the TLS connection
negotiates to a compressed c
Timo Sirainen escreveu:
If your OpenSSL supports it, Dovecot supports it. I recently tested
this with gnutls-cli program, openssl s_client for some reason didn't
support it. I've no idea if any actual IMAP clients support it.
i'm using OpenSSL shipped from CentOS 5.3 . is there any ea
On Sep 22, 2009, at 9:08 PM, Leonardo Rodrigues wrote:
is there anything that can be easily used to automatically
compress IMAP traffic between client and server ? I was thinking if
the SSL/TLS code enables some kind of compression as well.
If your OpenSSL supports it, Dovecot supports it
Simply (and maybe stupid) question ..
is there anything that can be easily used to automatically compress
IMAP traffic between client and server ? I was thinking if the SSL/TLS
code enables some kind of compression as well.
the idea is to reduce IMAP traffic between server and c
27 matches
Mail list logo
