[Ach] Postfix 2.9.6 (Wheezy) & tls Compression
Lewis G Rosenthal
lgrosenthal at 2rosenthals.com
Sun Mar 6 15:28:50 CET 2016
Hi...
On 03/06/16 09:02 am, micah wrote:
> Axel Huebl <axel.huebl at plasma.ninja> writes:
>
>> just wanted to correct a section in Postfix:
>>
>> For 2.9.6 Wheezy (as described) the option
>>
>> tls_ssl_options = NO_COMPRESSION
> Since we are on this subject, why is this NO_COMPRESSION option
> suggested? There is no rationale for why this setting is there.
>
> The only issue with compression that I am aware of is CRIME, which is
> irrelevant for SMTP.
>
According to the postfix docs:
Compression is CPU-intensive, and compression before encryption does not
always improve security.
For performance reasons alone, and the lack of evidence to support that it
would add better security, it is best left disabled.
Of course, if the majority of the world were transporting over 14.4baud, we
might be having a different discussion. :-)
--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC www.2rosenthals.com
visit my IT blog www.2rosenthals.net/wordpress
IRS Circular 230 Disclosure applies see www.2rosenthals.com
-------------------------------------------------------------
More information about the Ach
mailing list