[Ach] Postfix 2.9.6 (Wheezy) & tls Compression

micah micah at riseup.net
Sun Mar 6 15:52:52 CET 2016

Lewis G Rosenthal <lgrosenthal at 2rosenthals.com> writes:

> Hi...
> On 03/06/16 09:02 am, micah wrote:
>> Axel Huebl <axel.huebl at plasma.ninja> writes:
>>> just wanted to correct a section in Postfix:
>>> For 2.9.6 Wheezy (as described) the option
>>>    tls_ssl_options = NO_COMPRESSION
>> Since we are on this subject, why is this NO_COMPRESSION option
>> suggested? There is no rationale for why this setting is there.
>> The only issue with compression that I am aware of is CRIME, which is
>> irrelevant for SMTP.
> According to the postfix docs:
>     Compression is CPU-intensive, and compression before encryption does not
>     always improve security.
> For performance reasons alone, and the lack of evidence to support that it 
> would add better security, it is best left disabled.

Sure... but these recommendations are not about performance, if they
were I would expect other recommendations to also appear.

I dont think the clause 'compression before encryption does not always
improve security' means that compression should be disabled to improve


More information about the Ach mailing list