rsync & SSL 'for real'
Carson Gaspar
carson at taltos.org
Wed Apr 18 22:25:11 GMT 2007
Aaron W Morris wrote:
> On 4/18/07, Carson Gaspar <carson at taltos.org> wrote:
>> Lawrence D. Dunn wrote:
>> > Colleagues,
>> > If you do pursue SSL functionality directly in rsync,
>> > please be sure to take a look at Chris Rapier's work
>> > to "fix" standard ssh implementations, at:
>> > http://www.psc.edu/networking/projects/hpn-ssh/
>> >
>> > Turns out "-e ssh" using most libraries puts a fixed-window-size
>> > ssh-windowing
>> > behavior on top of TCP - so for large bandwidth*delay product paths,
>> > even if you use large TCP buffers (which Wayne added for such paths),
>> > an "un-fixed" SSL library can clobber overall performance/throughput,
>> > even for a perfectly clean (no errors/loss) path.
>>
>> SSL != SSH.
>
> This still applies (depending on the ssl toolkit being used). The
> problem referenced here is the TCP window size is hard coded inside
> the openssl library. In order to change the window size, one must
> patch openssl.
TCP window size is not, and can not, be hard coded inside openssl. Do
you know what TCP window size is?
> Of course, there is also the question of if openssl is the appropriate
> toolkit to use with rsync. I am not sure of the issues with a GPL
> binary linking against a BSD library. Perhaps GnuTLS is more
> appropriate... (I know... this is probably a whole different can of
> worms. :-) ).
There is no license issue. This is just a troll.
--
Carson
More information about the rsync
mailing list