rsync & SSL 'for real'

Carson Gaspar carson at
Wed Apr 18 22:25:11 GMT 2007

Aaron W Morris wrote:
> On 4/18/07, Carson Gaspar <carson at> wrote:
>> Lawrence D. Dunn wrote:
>> > Colleagues,
>> >   If you do pursue SSL functionality directly in rsync,
>> >   please be sure to take a look at Chris Rapier's work
>> >   to "fix" standard ssh implementations, at:
>> >
>> >
>> >   Turns out "-e ssh" using most libraries puts a fixed-window-size
>> > ssh-windowing
>> >   behavior on top of TCP - so for large bandwidth*delay product paths,
>> >   even if you use large TCP buffers (which Wayne added for such paths),
>> >   an "un-fixed" SSL library can clobber overall performance/throughput,
>> >   even for a perfectly clean (no  errors/loss) path.
>> SSL != SSH.
> This still applies (depending on the ssl toolkit being used).  The
> problem referenced here is the TCP window size is hard coded inside
> the openssl library.  In order to change the window size, one must
> patch openssl.

TCP window size is not, and can not, be hard coded inside openssl. Do
you know what TCP window size is?

> Of course, there is also the question of if openssl is the appropriate
> toolkit to use with rsync.  I am not sure of the issues with a GPL
> binary linking against a BSD library.  Perhaps GnuTLS is more
> appropriate...  (I know... this is probably a whole different can of
> worms.   :-) ).

There is no license issue. This is just a troll.


More information about the rsync mailing list