[syslog-ng] mis-claimed features: network link compression w/ TLS

Balazs Scheidler bazsi at balabit.hu
Fri Jun 4 12:35:36 CEST 2010


On Sun, 2010-05-16 at 19:23 +0000, Robin H. Johnson wrote:
> The comparison table: 
> http://www.balabit.com/network-security/syslog-ng/comparing/detailed/
> 
> Lists:
> "Support for network link compression when using TLS"
> But I can't find it in the OSE at all.
> 
> There are NO calls to the OpenSSL COMP* functions, nor any usage of
> compression functions that I can find.

openssl uses compression if TLSv1 is negotiated by default. The bad
thing is that my last tests showed it doesn't really help bandwidth-wise.

But if you look at the unencrypted part of the TLS handshake with
ethereal (wireshark) you can see that compression gets enabled.

In fact, this line got added to the source because, if SSLv2 fallback is
enabled, compression doesn't get enabled during the TLS handshake.

      SSL_CTX_set_options(self->ssl_ctx, SSL_OP_NO_SSLv2);


> 
> The Flex and Yacc grammar DO include a 'compress' keyword, but data from
> it is not actually used.

That's right.

> 
> I'm looking for some reasonable compression to cut down on network
> traffic on some Gentoo boxes where there is a very limited upstream
> network connection. Traffic is about 2.4GiB/day, over a 1Mbit link.
> 
> Plain gzip after the fact gets >90% compression, but I'd like the logs
> in near-realtime to the remote logging destinations (multiple).
> 
> I do also realize that we're going to be limited by packet compression,
> unless we keep some form of running dictionary, but I think even with
> that, we should get a good size reduction.
> 

This feature is already on the table, but we're not there yet.


-- 
Bazsi
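The handshake fields Bazsi says to look at in Wireshark are the ClientHello's compression_methods list and the single compression_method the ServerHello picks. The script below, an added example that is not syslog-ng code and not from this thread, parses those two cleartext messages directly from constructed byte strings so the check can be run offline. It also recognises the SSLv2-format CLIENT-HELLO that an SSLv2-compatible fallback sends, which has no compression field at all, matching the SSL_OP_NO_SSLv2 point above. All sample records, the fixed random bytes and the cipher suite choices are constructed for the demonstration.

```python
"""Inspect TLS hello messages for link compression (added example, constructed input)."""
import struct

TLS_HANDSHAKE = 22
CLIENT_HELLO = 1
SERVER_HELLO = 2
# Compression method identifiers: 0 is null, 1 is DEFLATE (RFC 3749).
COMPRESSION_NAMES = {0x00: "null", 0x01: "DEFLATE", 0x40: "LZS"}


def _u24(n):
    return n.to_bytes(3, "big")


def build_client_hello(version, cipher_suites, compression_methods, session_id=b""):
    """Constructed TLS record carrying a ClientHello (no extensions); random is fixed."""
    body = bytes(version) + b"\x11" * 32 + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites)) + b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += bytes([len(compression_methods)]) + bytes(compression_methods)
    hs = bytes([CLIENT_HELLO]) + _u24(len(body)) + body
    return bytes([TLS_HANDSHAKE]) + bytes(version) + struct.pack("!H", len(hs)) + hs


def build_v2_client_hello(version, cipher_suites):
    """Constructed SSLv2-format CLIENT-HELLO (2-byte header, high bit set).
    TLS suites are carried as 3-byte specs 0x00 + suite; there is no compression field."""
    specs = b"".join(b"\x00" + struct.pack("!H", c) for c in cipher_suites)
    challenge = b"\x33" * 16
    msg = bytes([CLIENT_HELLO]) + bytes(version) + struct.pack("!HHH", len(specs), 0, len(challenge))
    msg += specs + challenge
    return struct.pack("!H", 0x8000 | len(msg)) + msg


def build_server_hello(version, cipher_suite, compression_method, session_id=b""):
    """Constructed TLS record carrying a ServerHello; random is fixed."""
    body = bytes(version) + b"\x22" * 32 + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", cipher_suite) + bytes([compression_method])
    hs = bytes([SERVER_HELLO]) + _u24(len(body)) + body
    return bytes([TLS_HANDSHAKE]) + bytes(version) + struct.pack("!H", len(hs)) + hs


def _handshake_body(record, expected_type):
    """Strip the 5-byte record header and the 4-byte handshake header."""
    if len(record) < 9:
        raise ValueError("record too short")
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != TLS_HANDSHAKE:
        raise ValueError("not a handshake record (type %d)" % ctype)
    hs = record[5:5 + rec_len]
    if hs[0] != expected_type:
        raise ValueError("unexpected handshake type %d" % hs[0])
    return hs[4:4 + int.from_bytes(hs[1:4], "big")]


def parse_client_hello(record):
    """Return version, cipher suites and offered compression methods.
    For an SSLv2-format hello compression_methods is None: the format cannot carry it."""
    if record[0] & 0x80 and len(record) > 11 and record[2] == CLIENT_HELLO:
        (cs_len,) = struct.unpack("!H", record[5:7])
        suites = [int.from_bytes(record[i:i + 3], "big") for i in range(11, 11 + cs_len, 3)]
        return {"format": "sslv2", "version": (record[3], record[4]),
                "cipher_suites": suites, "compression_methods": None}
    hello = _handshake_body(record, CLIENT_HELLO)
    pos = 2 + 32                      # version + client_random
    pos += 1 + hello[pos]             # session_id
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comps = list(hello[pos + 1:pos + 1 + hello[pos]])
    return {"format": "tls", "version": (hello[0], hello[1]),
            "cipher_suites": suites, "compression_methods": comps}


def parse_server_hello(record):
    """Return version, chosen cipher suite and the single chosen compression method."""
    hello = _handshake_body(record, SERVER_HELLO)
    pos = 2 + 32
    pos += 1 + hello[pos]
    (suite,) = struct.unpack("!H", hello[pos:pos + 2])
    return {"version": (hello[0], hello[1]), "cipher_suite": suite, "compression_method": hello[pos + 2]}


def describe_compression(client_record, server_record):
    """Summarise what the client offered and whether the server turned compression on."""
    offered = parse_client_hello(client_record)["compression_methods"]
    chosen = parse_server_hello(server_record)["compression_method"]
    name = lambda m: COMPRESSION_NAMES.get(m, "0x%02x" % m)
    offered_txt = "none (v2-format hello has no compression field)" if offered is None \
        else ", ".join(name(m) for m in offered)
    return {"offered": offered_txt, "selected": name(chosen), "compressed": chosen != 0}


if __name__ == "__main__":
    tls10 = (3, 1)
    suites = [0x002F, 0x000A]
    ch = build_client_hello(tls10, suites, [0x01, 0x00])   # offers DEFLATE then null
    print(describe_compression(ch, build_server_hello(tls10, 0x002F, 0x01)))
    print(describe_compression(ch, build_server_hello(tls10, 0x002F, 0x00)))
    print(describe_compression(build_v2_client_hello(tls10, suites), build_server_hello(tls10, 0x002F, 0x00)))
```

On a live connection the same answer is available without packet capture: OpenSSL exposes SSL_get_current_compression() on the SSL object, and Python's ssl.SSLSocket.compression() returns the negotiated method name or None. One caveat worth keeping in mind when reading this 2010 thread today: TLS-level compression was later shown to leak plaintext (the CRIME attack), and current OpenSSL builds disable it by default, so a modern syslog-ng TLS link should not be expected to negotiate DEFLATE even when both ends advertise it.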


