rsync & SSL 'for real'

Andreas Kotes count-linux at flatline.de
Thu Apr 19 00:51:32 GMT 2007


Hello,

* Aaron W Morris <aaronwmorris at gmail.com> [20070419 02:25]:
> >>> This still applies (depending on the ssl toolkit being used).  The
> >>> problem referenced here is the TCP window size is hard coded inside
> >>> the openssl library.  In order to change the window size, one must
> >>> patch openssl.
> >>
> >> TCP window size is not, and can not, be hard coded inside openssl. Do
> >> you know what TCP window size is?

well, tuning the TCP parameters can (which is basically what the patch
does), but I think this should be left to the kernel / OS via sysctl and
the like, so I won't touch what's happening there.

> >>> Of course, there is also the question of if openssl is the appropriate
> >>> toolkit to use with rsync.  I am not sure of the issues with a GPL
> >>> binary linking against a BSD library.  Perhaps GnuTLS is more
> >>> appropriate...  (I know... this is probably a whole different can of
> >>> worms.   :-) ).
> >>
> >> There is no license issue.

There would be a serious licence issue the other way round, but BSD is a
tad more permissive than the GPL is, so - no problem there BUT: there is
an advertisement clause, so rsync would need to display certain messages
when compiled with OpenSSL.

I'm used to working with the OpenSSL (and ssleay before) API, but I
suppose I'd enjoy learning gnutls as well - albeit it's not as
self-contained as OpenSSL is (hello gnupg!), and the API is quite
different (OpenSSL has grown to its current state, when gnutls was
started they already knew what's about to be required).

The planned features would have to be revised, as it doesn't support
hardware engines (which the bulk of the users won't use anyway and
seldom can cope compared to raw CPU power in the long run) and could
possibly offer more/other stuff than OpenSSL does.

In the end, both have my confidence (the code is mature and well in
production use, so lots of bugs have already been shaken loose), the
basic featureset is the same - and while I'll look at the OpenSSL-patch,
I'll not necessarily base my work directly on it - not much harm done
changing horses before the real race.

Opinions?

> >> This is just a troll.

just who exactly are you talking about? ;)

Best regards,

   Andreas

-- 
"God is a comedian playing to an audience too afraid to laugh." -- H.L.Mencken
