Folks, I didn't find this issue discussed in this list's archives, so here goes....
I've recently been made aware of a problem with SSL connection startup interacting with some TCP stacks' implementations of the Nagle algorithm, which is used to coalesce what would be lots of tiny (1-character or so) packets into larger packets, and the stacks' delayed-ACK schemes. I'm no expert, but here are some references that discuss the issue in detail: http://www.cs.nyu.edu/artg/research/speedingTCP/buff_goldberg_speeding_up_TCP.ps http://www.etestinglabs.com/bi/cont1998/1998print/slowserv.asp http://www.sun.com/sun-on-net/performance/tcp.slowstart.html In general, I'm reluctant to override anything that's part of the TCP protocol, but there seem to be some good arguments for turning off the Nagle algorithm (on the sending side) for non-interactive protocols like HTTP and HTTPS (I say "non-interactive" in the sense that these protocols are not sending characters being typed by a user, nor mouse events via X11, etc.). In particular, Apache web servers seem to do this (via the TCP_NODELAY socket option) for both HTTP and HTTPS connections, and I see that the commonly-used "stunnel" application allows this to be set by the invoker. All this reading has led me to look for a way to set TCP_NODELAY for secure IMAP sessions, since some of our users think this Nagle thing might be affecting our secure IMAP connections. In particular, I'm wondering if the Eudora SSL failures described in the UW IMAP FAQ item 7.41 could be related to this issue: 7.41 Why can't I connect via SSL to Eudora? It says the connection has been broken, and in the server syslogs I see "Command stream end of file". I don't know. However, there is a report that you can fix the problem by going into Eudora's advanced network configuration menu and increasing the network buffer size to 8192. Since we use the UW-IMAP server here, I looked at the code and found no socket options being tweaked at all, let alone the Nagle setting. Has there simply been no need? Regards, -- Marion Hakanson <[EMAIL PROTECTED]> CSE Computing Facilities -- ----------------------------------------------------------------- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/imap-list.html -----------------------------------------------------------------
