As I mentioned to you earlier, the activation of the ZLIB code in
OpenSSL is providing a 200% increase in throughput on my DSL
connections when used to connect Kermit's Telnet client to your TLS
Telnetd. However, I am having large numbers of problems with the ZLIB
code. On Unix, if libssl was built without ZLIB and the application
was built with it, then you get a
SSL_connect:error in 3WFINB SSLv3 write finished A
10879:error:1406808D:SSL routines:DO_SSL3_WRITE:compression failure:s3_pkt.c:587:
error during TLS negotiation. It seems that the library is not smart
enough to know not to attempt compression negotiation if it doesn't
support it.
When ZLIB is built into the library I am seeing frequent stack
corruption from calls made from OpenSSL to ZLIB routines. We are
going to have to spend some serious time looking over this code.
I am cc'ing this to openssl-dev to see if anyone else has any
experience with this code.
- Jeff
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
