rsync & SSL 'for real'

Lawrence D. Dunn ldunn at
Thu Apr 19 16:22:07 GMT 2007

   My mistake- read "SSL", immediately started thinking "ssh",
   and issues there. No excuse.
   So- my comments aren't applicable to the SSL-for-real discussion -
   apologies to the list.

   (Aside: the issues with ssh are not about modifying TCP buffers.
    They are about a fixed-size ssh-windowing behavior,
     which happens "on top of" whatever TCP is allowing.
    The end result  is similar to having too-small TCP buffers.
    That's what Chris' patch addresses - he allows the ssh-windowing
     behavior to become dynamic, essentially tracking TCP's window size.
     Current Linux releases do a good job of auto-tuning TCP buffers,
     without need for manual adjustment. )

   Again- sorry for the tangent.


At 1:21 PM -0700 4/18/07, Carson Gaspar wrote:
>Lawrence D. Dunn wrote:
>>   If you do pursue SSL functionality directly in rsync,
>>   please be sure to take a look at Chris Rapier's work
>>   to "fix" standard ssh implementations, at:
>>   Turns out "-e ssh" using most libraries puts a fixed-window-size 
>>   behavior on top of TCP - so for large bandwidth*delay product paths,
>>   even if you use large TCP buffers (which Wayne added for such paths),
>>   an "un-fixed" SSL library can clobber overall performance/throughput,
>>   even for a perfectly clean (no  errors/loss) path.
>SSL != SSH.
>To unsubscribe or change options: 
>Before posting, read:

More information about the rsync mailing list