rsync & SSL 'for real'
gregorcy
gregorcy at eng.utah.edu
Wed Apr 18 22:34:15 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
that was a little harsh
Carson Gaspar wrote:
> Aaron W Morris wrote:
>> On 4/18/07, Carson Gaspar <carson at taltos.org> wrote:
>>> Lawrence D. Dunn wrote:
>>> > Colleagues,
>>> > If you do pursue SSL functionality directly in rsync,
>>> > please be sure to take a look at Chris Rapier's work
>>> > to "fix" standard ssh implementations, at:
>>> > http://www.psc.edu/networking/projects/hpn-ssh/
>>> >
>>> > Turns out "-e ssh" using most libraries puts a fixed-window-size
>>> > ssh-windowing
>>> > behavior on top of TCP - so for large bandwidth*delay product paths,
>>> > even if you use large TCP buffers (which Wayne added for such
>>> paths),
>>> > an "un-fixed" SSL library can clobber overall
>>> performance/throughput,
>>> > even for a perfectly clean (no errors/loss) path.
>>>
>>> SSL != SSH.
>>
>> This still applies (depending on the ssl toolkit being used). The
>> problem referenced here is the TCP window size is hard coded inside
>> the openssl library. In order to change the window size, one must
>> patch openssl.
>
> TCP window size is not, and can not, be hard coded inside openssl. Do
> you know what TCP window size is?
>
>> Of course, there is also the question of if openssl is the appropriate
>> toolkit to use with rsync. I am not sure of the issues with a GPL
>> binary linking against a BSD library. Perhaps GnuTLS is more
>> appropriate... (I know... this is probably a whole different can of
>> worms. :-) ).
>
> There is no license issue. This is just a troll.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGJpznVUgmzOrz1gcRAlQBAJsG2QaqebNMojq0gWk/O8q14gtj/QCcC35L
Fs+lgsA5vUoWPdvp4s6FLhQ=
=oBwN
-----END PGP SIGNATURE-----
More information about the rsync
mailing list