[Ach] Postfix 2.9.6 (Wheezy) & tls Compression

Lewis G Rosenthal lgrosenthal at 2rosenthals.com
Sun Mar 6 15:28:50 CET 2016


On 03/06/16 09:02 am, micah wrote:
> Axel Huebl <axel.huebl at plasma.ninja> writes:
>> just wanted to correct a section in Postfix:
>> For 2.9.6 Wheezy (as described) the option
>>    tls_ssl_options = NO_COMPRESSION
> Since we are on this subject, why is this NO_COMPRESSION option
> suggested? There is no rationale for why this setting is there.
> The only issue with compression that I am aware of is CRIME, which is
> irrelevant for SMTP.

According to the postfix docs:

    Compression is CPU-intensive, and compression before encryption does not
    always improve security.

For performance reasons alone, and the lack of evidence to support that it 
would add better security, it is best left disabled.

Of course, if the majority of the world were transporting over 14.4baud, we 
might be having a different discussion. :-)

Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
IRS Circular 230 Disclosure applies   see www.2rosenthals.com

More information about the Ach mailing list